Comparison of Single-View and Multi-View Deep Learning for Android Malware Detection

Abstract

Android is the most rapidly developing smartphone operating system because its open-source nature makes it easier for developers to modify Android applications and functionality. This simplicity has also contributed to a rise in the development of malicious software, sometimes known as malware. Malware typically infects applications to damage the system and steal data, leading to substantial losses for Android users. Therefore, it is essential to take preventative steps to detect malware. Deep learning is one such application method. This study compares single-view and multi-view deep learning architectures to identify Android malware using system calls and permissions. The malware analysis method employed is a hybrid method that combines static and dynamic analysis. Genymotion is used to collect system-call features, whereas Androguard is used to extract permissions. The deep learning base model is created using two unique architectures: LSTM (Long short-term memory) for processing system calls and MLP (Multi-Layer Perceptron) for processing permissions. In single-view deep learning architecture, each feature is treated separately on the model. However, multi-view deep learning features are processed on a concatenated model using the concatenate function. According to the assessment findings, the multi-view deep learning architecture model employing the Adam optimizer and the learning rate parameter of 0.005 achieves an accuracy of 83% and an f1 score of 81%. These findings demonstrate a 2% gain in accuracy over the single view model with the same hyperparameters.