An effective attention and residual network for malware detection

Author:

Gu Wei¹, Xing Hongyan¹, Hou Tianhao¹

Affiliation:

1. School of Electronics and Information Engineering, Nanjing University of Information Science and Technology, Nanjing, China

Abstract

Due to its open-source nature and large user base, Android has emerged as the most popular operating system. Android's popularity and openness have made it a prime target for malicious attackers. Permissions have received great attention from researchers because of their effectiveness in restricting applications' access to sensitive resources. However, existing permission-based malware detection methods are easily bypassed by inter-application resource access. To address this, we combine intent features related to inter-application resource access with permission features. In addition, we design a customized convolutional neural network that uses two squeeze-and-excitation (SE) blocks to learn the inherent relationships between multi-type features. The two basic SE blocks perform their squeezing operations with average pooling and max pooling, respectively, to compute channel-wise attention from multiple perspectives. We designed a series of experiments based on real-world samples to evaluate the efficacy of the proposed framework. Empirical results demonstrate that our framework outperforms state-of-the-art methods, achieving an accuracy of 96.29%, precision of 97.52%, recall of 94.63%, F1-score of 96.06% and MCC of 92.60%. These promising experimental results consistently demonstrate that AMERDroid is an effective approach for Android malware detection.

Funder

National Natural Science Foundation of China

National Key Research and Development Program of China

Publisher

Institution of Engineering and Technology (IET)

