DroidDivesDeep: Android malware classification via low level monitorable features with deep neural networks

Abstract

Android, the dominant smart device Operating System (OS) has evolved into a robust smart device platform since its release in 2008. Naturally, cyber criminals leverage fragmentation among varied major release by employing novel attacks. Machine learning is extensively used in System Security. Shallow Learning classifiers tend to over-learn during the training time

hence, the model under performs due to dependence on training data during real evaluation. Deep learning has the potential to automate detection of newly discovered malware families that learn the generalization about malware and benign files to be able to detect unseen or zero-day malware attacks. Deep Neural Networks (DNN) have proven performance with image analysis and text classification. In this paper, our proposal DroidDivesDeep D3, a malware classification and app categorization framework models’ low level monitorable features (e.g., CPU, Memory, Network, Sensors etc.). Our proposal employs low level device runtime attributes unlike the existing techniques considering static extraction approach. D3 evaluates a reasonable dataset consisting 24,343 genuine playstore apps against 8,779 real-world Android malware. In fact, the initial results of our proposal are quite encouraging with 98.65% detection rate with 99.79% accuracy during real evaluation. Our proposal improves upon existing techniques by 23%. © Springer Nature Singapore Pte Ltd. 2019.