MDLDroid: Multimodal Deep Learning Based Android Malware Detection

  • Conference paper
Information Systems Security (ICISS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14424)

Abstract

In the era of Industry 5.0, the Android platform is used extensively across handheld and mobile devices. The openness of the Android platform makes it vulnerable to critical malware attacks. Meanwhile, malware obfuscation and evasion strategies have advanced dramatically, causing traditional malware detection methods to fail. Recently, machine learning techniques have shown promising results for malware detection. However, past works using machine learning algorithms suffer from several challenges, such as inadequate feature extraction and dependency on hand-crafted features, among others. Existing machine learning approaches are therefore inefficient at detecting sophisticated malware and require further enhancement. In this paper, we extract behavioural characteristics of system calls and dynamic API features using our proposed multimodal deep learning model (MDLDroid). Our model extracts system call features using LSTM layers and dynamic API features using a CNN. The two sets of features are then fused in a vector space, and the fused representation is classified as benign or malign. Comparison with several state-of-the-art approaches on two datasets shows a significant improvement of 4–12% in accuracy.

Notes

  1. https://frida.re/

  2. https://github.com/frida/frida/releases

  3. https://www.unb.ca/cic/datasets/maldroid-2020.html

  4. https://www.unb.ca/cic/datasets/maldroid-2020.html

  5. https://docs.anaconda.com/anaconda/install/index.html

  6. https://anaconda.org/conda-forge/keras

  7. https://docs.anaconda.com/anaconda/user-guide/tasks/tensorflow/

  8. https://www.offensive-security.com/metasploit-unleashed/msfvenom/

  9. https://ibotpeaches.github.io/Apktool/

  10. md5 hash: 9428c569daddeaf815d48768e259ee27

Acknowledgment

We acknowledge the Government of India, Ministry of Home Affairs, Bureau of Police Research and Development for funding this research.

Corresponding author

Correspondence to Narendra Singh.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Singh, N., Tripathy, S. (2023). MDLDroid: Multimodal Deep Learning Based Android Malware Detection. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_10

  • DOI: https://doi.org/10.1007/978-3-031-49099-6_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49098-9

  • Online ISBN: 978-3-031-49099-6

  • eBook Packages: Computer Science, Computer Science (R0)
