Abstract

The use of smartphone applications based on the Android OS platform is rapidly growing among smartphone users. However, malicious apps for Android are being developed to perform attacks, such as destroying operating systems, stealing confidential data, gathering personal information, and hijacking or encrypting sensitive data. Several malware detection systems based on machine learning have been developed and deployed to extract a variety of features to prevent such attacks. However, new efficient detection methods are needed to extract complex features and hidden structures from malicious apps to detect malware. This paper proposes a novel framework, namely, MalResLSTM, based on deep residual long short-term memory to identify and classify malware variants. The framework imposes a set of constraints on the deep learning architecture to capture dependencies between the extracted features from the Android package kit (APK) file. These feature sets are mapped to a vector space to process the input sequence using a sequence model based on the residual LSTM network. To evaluate the performance of the proposed framework, several experiments are conducted on the Drebin dataset, which contains 129,013 applications. The results demonstrate that MalResLSTM can achieve a 99.32% detection accuracy and outperforms previous algorithms. An extensive experimental analysis was conducted, which included machine-learning-based algorithms and a variety of deep learning-based algorithms, to evaluate the efficiency and robustness of our proposed framework.

Highlights

  • Malicious software is an unwanted program that intends to harm the victim’s workstations, mobile devices, servers, and gateways [1]

  • With the advancements in deep intelligent methods, intelligence-based methods have been used in most recent malware detection studies, where both data mining and machine learning are used as intelligent models to identify and classify sophisticated malware apps

  • Recurrent neural networks can recognize and capture dependencies between sequences. When both deep and recurrent neural networks are tested on the same dataset, deep neural networks (DNNs) achieve a 99.66% detection rate and MalResLSTM 99.32%

Summary

INTRODUCTION

Malicious software (malware) is an unwanted program that intends to harm the victim’s workstations, mobile devices, servers, and gateways [1]. Common malware programs, such as viruses, worms, Trojan horses, spyware, ransomware, scareware, bots, and rootkits, exploit system vulnerabilities to infect the target. The APK file includes features such as Windows API calls, the network address, byte n-grams, strings, opcodes, and control flow graphs. This method is not effective against dynamic code loading or code obfuscation.

Alotaibi
RELATED WORK
FEATURE EXTRACTION SETS
RESIDUAL LONG SHORT-TERM MEMORY MODEL
DISCUSSION AND PERFORMANCE
Findings
CONCLUSION AND FUTURE WORK