SHIELD: A Multimodal Deep Learning Framework for Android Malware Detection

Abstract

The widespread adoption of Android OS in recent years is due to its openness and flexibility. Consequently, the Android OS continues to be a prime target for serious malware attacks. Traditional malware detection methods are ineffective as Android malware use sophisticated obfuscation and adapt to the anti-virus defenses. In this paper, we present a multimodal deep learning framework, for unseen Android malware detection, called SHIELD, which employs Markov image of opcodes and dynamic APIs. SHIELD uses multimodal autoencoder (MAE) technique, which cuts down the dependency on feature engineering and automatically discovers the relevant features for malware detection. We validate our approach of unseen malware detection using the CICandMal2020 and AMD benchmarks datasets while achieving detection rates of 94% and 87%, respectively. Further, we created 500 obfuscated backdoor applications to evaluate the effectiveness of SHIELD with respect to other existing mobile anti-malware programs. Existing anti-malware programs fail to detect obfuscated backdoor, while SHIELD successfully flagged the obfuscated backdoor as a malicious application. SHIELD exhibits state-of-the-art performance for traditional malware detection, with an accuracy of 99.52%. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.