Abstract

The popularity and flexibility of the Android platform make it the primary target of malicious attackers. The behaviors of malware, such as malicious charges and privacy theft, pose serious security threats to users. Permission granting, as the primary security scheme of Android, is a prerequisite for performing dangerous operations on devices by invoking Application Programming Interfaces (APIs). In addition, permissions and hardware features are jointly declared in the manifest file of an application (app) to guarantee its device compatibility. Thus, we extract permissions, API calls and hardware features to characterize apps. Furthermore, we design a novel architectural unit, the Multi-Head Squeeze-and-Excitation Residual block (MSer), to learn the intrinsic correlation between features and recalibrate them from multiple perspectives. Based on these two works, we propose a new malware detection framework, MSerNetDroid. To investigate the effectiveness of the proposed framework, we analyzed 2,126 malicious apps and 1,061 benign ones collected from VirusShare and Google Play Store. The assessment results demonstrate that the proposed model successfully detects malware with an accuracy of 96.48%. We also compare the proposed method with state-of-the-art approaches, including the use of diverse static features and various detection algorithms. These promising experimental results consistently show that MSerNetDroid is an effective way to detect Android malware.
