
Self-attention based convolutional-LSTM for android malware detection using network traffics grayscale image

Applied Intelligence

Abstract

Accurately finding malware among a large number of mobile apps, and determining which family it belongs to, is one of the most important challenges in Android malware detection. Existing research focuses on using extracted features to distinguish malicious Android apps, and pays less attention to classifying Android malware by category and family. Meanwhile, feature selection has always been a difficult issue in malware detection with machine learning methods. In this paper, SelAttConvLstm is designed to classify Android malware by category and family without manually selecting features. To identify Android malware, we first convert all the network traffic flows into grayscale images in chronological order through data preprocessing. Second, we design SelAttConvLstm, a deep learning model that detects malicious Android apps from network flow images. This model considers both the spatial and temporal features of network flows at the same time. In addition, to improve the performance of the model, self-attention weights are added to focus on different features of the input. Finally, comprehensive experiments are conducted to verify the effectiveness of the detection model. Experimental results show that our method can not only effectively detect malware, but also classify it accurately and in detail by category and family.
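
The preprocessing step the abstract describes (network flows turned into grayscale images in chronological order), sketched as an added example that is not the authors' code. The 28×28 image size, the truncate-or-zero-pad rule, the bidirectional 5-tuple flow key and the packet dictionaries are all assumptions, since the abstract gives none of these details.

```python
from collections import defaultdict

SIDE = 28                 # assumed image side; the abstract states no size
FLOW_BYTES = SIDE * SIDE  # assumed bytes kept per flow (truncate or zero-pad)

def flow_key(pkt):
    """Direction-independent 5-tuple, so both halves of a conversation share one flow."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)

def flows_in_time_order(packets):
    """Group packets into flows; packets within a flow and the flows themselves are time-ordered."""
    flows = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        flows[flow_key(pkt)].append(pkt)
    return sorted(flows.values(), key=lambda f: f[0]["ts"])

def flow_to_image(flow):
    """Concatenate payload bytes, fix the length, and cut into SIDE rows of SIDE pixels (0-255)."""
    raw = b"".join(p["payload"] for p in flow)[:FLOW_BYTES]
    raw = raw.ljust(FLOW_BYTES, b"\x00")
    return [list(raw[r * SIDE:(r + 1) * SIDE]) for r in range(SIDE)]

def capture_to_sequence(packets):
    """One grayscale frame per flow, frames in chronological order (the time axis for a ConvLSTM)."""
    return [flow_to_image(f) for f in flows_in_time_order(packets)]

# Constructed sample capture (documentation IP ranges), deliberately out of order; not data from the paper.
SAMPLE = [
    {"ts": 2.5, "src": "203.0.113.7", "sport": 80, "dst": "10.0.0.5", "dport": 40001,
     "proto": 6, "payload": b"\xff" * 1000},
    {"ts": 1.2, "src": "198.51.100.9", "sport": 443, "dst": "10.0.0.5", "dport": 40000,
     "proto": 6, "payload": b"\x16\x03\x03reply"},
    {"ts": 2.0, "src": "10.0.0.5", "sport": 40001, "dst": "203.0.113.7", "dport": 80,
     "proto": 6, "payload": b"GET /b HTTP/1.1\r\n"},
    {"ts": 1.0, "src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.9", "dport": 443,
     "proto": 6, "payload": b"\x16\x03\x01hello"},
]

if __name__ == "__main__":
    frames = capture_to_sequence(SAMPLE)
    print(len(frames), "frames of", len(frames[0]), "x", len(frames[0][0]), "pixels")
```

Each frame is a plain list of pixel rows, so the sequence can be stacked into a `(time, height, width)` tensor by whatever framework trains the model.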

Acknowledgements

The authors gratefully acknowledge the support from the National Natural Science Foundation of China No. 62102348, No. 6177245; Natural Science Foundation of Hebei Province, China No. F2019203287; Science and Technology Research Project of Hebei University No. QN2020183; and the Doctoral Fund of Yanshan University, No. BL18003; Key R & D projects in Hebei Province under Grant 21370103D; Hebei University of Applied Sciences Research Association Project, JY2022049; Hebei Agricultural Data Intelligent Perception and Application Technology Innovation Center, Hebei, Qinhuangdao.

Author information

Corresponding author

Correspondence to Jiayin Feng.

Ethics declarations

Conflict of Interests

The authors declare that they have no conflict of interest.

Cite this article

Shen, L., Feng, J., Chen, Z. et al. Self-attention based convolutional-LSTM for android malware detection using network traffics grayscale image. Appl Intell 53, 683–705 (2023). https://doi.org/10.1007/s10489-022-03523-2

  • DOI: https://doi.org/10.1007/s10489-022-03523-2
