DeepVisDroid: android malware detection by hybridizing image-based features with deep learning techniques

Abstract

In this paper, a novel hybrid deep learning model called DeepVisDroid has been suggested for detecting android malware samples based on hybridizing image-based features with deep learning techniques. To this end, four grayscale image datasets have been constructed by converting some files from the source of the android applications into grayscale images. Then, two types of image-based features, namely local features and global features, have been extracted from the constructed image datasets and used for training the proposed model. The bag of visual words representation has been used for constructing one feature vector from multiple local feature descriptors extracted from each image. After that, 1D-convolutional layers-based neural network model has been proposed and trained using the extracted local and global image-based features. To the best of our knowledge, this is the first time that a convolutional neural network model is trained based on this type of features and used in the android malware detection domain. Furthermore, two classical 2D-convolutional layers-based neural network models have been proposed and two well-known deep learning models have been tested in order to compare the results of the proposed DeepVisDroid model with the results of the traditional convolutional neural network models and the results of the state-of-the-art deep learning models. The results of the proposed DeepVisDroid model are very promising, where its classification accuracy reached more than 98% with very efficient run-time overhead ranging between 0.11 and 2.02 s for each sample.