DeepMetaDroid: Real-Time Android Malware Detection Using Deep Learning and Metadata Features

Abstract

The increasing prevalence of Android malware poses significant risks to mobile devices and user privacy. The traditional detection methods have limitations in keeping up with the evolving landscape of malware attacks, necessitating the development of more effective solutions. In this paper, we present DeepMetaDroid, a real-time detection approach for Android malware that leverages metadata features. By analyzing crucial metadata, including APK size, download size, permissions, certificates, and DEX files, the proposed method enables effective identification of malware and enhances mobile security. Using deep learning techniques, a lightweight Android real-time monitoring system is equipped with the trained model. These methods include long short-term memory (LSTM), gated recurrent units (GRU), convolutional neural networks (CNN), deep neural networks (DNN), and other ensemble models. Utilizing the rectified linear unit (ReLU) as the activation function, the DNN model is constructed with 32 neurons in the input layer. A one-dimensional convolutional layer with 32 neurons and a filter size of three is used as the input layer in the CNN model. The LSTM model is designed with an input layer consisting of 16 neurons. The GRU model with 32 neurons is employed in the input layer. Additionally, ensemble models that combined several architectures were developed. The proposed method offers a faster and more scalable solution for malware detection by consuming fewer resources like memory and CPU. This work ensures device security by providing real-time monitoring on Android devices to prevent users from installing malicious applications and, thus, enhance user privacy and security.