Skip to main content
SpringerLink
Log in

RT-Droid: a novel approach for real-time android application analysis with transfer learning-based CNN models

  • Research
  • Published:
Journal of Real-Time Image Processing Aims and scope Submit manuscript

Abstract

Today, the number, type and complexity of malware is increasing rapidly. Convolution neural network (CNN) based networks continue to be used in software classification based on image. In this study, a CNN model named Real Time-Droid(RT-Droid), which has a very fast malware detection capability and works based on YOLO V5, is introduced. RT-Droid detects android malware with high accuracy and performs this process at near real-time speed. For this process, firstly the features in the android manifest file are extracted and converted to an image in RGB format similar to QR code. Thus, images become processed by CNN-based deep learning models. These images were used to train VGGNet, Faster R-CNN, YOLO V4 and V5 models with the transfer learning technique. The android malware detection performances of the obtained trained models (weights) were examined. In the tests performed with Drebin, Genome and Arslan dataset, the precision value is 98.3%, while the F-score value is 97.0%. In obtaining these values, only 0.019 s per application was needed for analysis. It also requires 25 times less memory space compared to a gray-scale image. Since the small images of the YOLO V5 model can detect objects with very high accuracy and in real time, it provides serious efficiency in processing time. We also compared the results with VGGNet, Faster R-CNN and YOLO V4, which are commonly used CNN models for object detection, and show that it yields results at a higher rate and at least 5.5 times faster than similarly trained networks. Our method detects hacker-generated Android malware very quickly and with high accuracy, while being robust against obfuscated apps.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Data Availability

Malicious: The data that support the findings of this study are available in Drebin at https://www.sec.cs.tu-bs.de/~danarp/drebin/ and http://www.malgenomeproject.org/, reference number Arp et al. (2014) and Genome Zhou and Jiang (2012). These data were derived from the following resources available in the public domain: https://www.sec.cs.tu-bs.de/~danarp/drebin/ and http://www.malgenomeproject.org/. Benign: The data that support the findings of this study are available from the corresponding author upon reasonable request.

References

  1. Statcounter. Mobile operating system market share worldwide(apr 2021-apr 2022), (2022)

  2. Shishkova, T., Kıvya, A.: Mobile malware evolution 2021, (2022)

  3. Jovanovic, B.: A not so common cold: Malware statistics in 2022, (2022)

  4. Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Dl-droid: Deep learning based android malware detection using real devices. Comput. Secur. 89, 101663 (2020)

    Article  Google Scholar 

  5. Mahdavifar, S., Alhadidi, D., Ghorbani, A., et al.: Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J. Netw. Syst. Manag. 30(1), 1–34 (2022)

    Article  Google Scholar 

  6. Tripathi, V., Mittal, A., Gangodkar, D., Kanth, V.: Real time security framework for detecting abnormal events at atm installations. J. Real-Time Image Proc. 16, 535–545 (2019)

    Article  Google Scholar 

  7. Samangouei, P., Patel, V.M., Chellappa, R.: Facial attributes for active authentication on mobile devices. Image Vis. Comput. 58, 181–192 (2017)

    Article  Google Scholar 

  8. Arslan, R.S.: Androanalyzer: android malicious software detection based on deep learning. PeerJ Comput. Sci. 7, e533 (2021)

    Article  Google Scholar 

  9. Liu, K., Shengwei, X., Guoai, X., Zhang, M., Sun, D., Liu, H.: A review of android malware detection approaches based on machine learning. IEEE Access 8, 124579–124607 (2020)

    Article  Google Scholar 

  10. Venkatraman, S., Alazab, M.: Use of data visualisation for zero-day malware detection. Secur. Commun. Netw. 20, 18 (2018)

    Google Scholar 

  11. Qiu, J., Zhang, J., Luo, W., Pan, L., Nepal, S., Xiang, Y.: A survey of android malware detection with deep neural models. ACM Comput. Surv. (CSUR) 53(6), 1–36 (2020)

    Article  Google Scholar 

  12. Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: Effective and explainable detection of android malware in your pocket. In Ndss, volume 14, pages 23–26, (2014)

  13. Wang, L., Gao, Y., Gao, S., Yong, X.: A new feature selection method based on a self-variant genetic algorithm applied to android malware detection. Symmetry 13(7), 1290 (2021)

    Article  Google Scholar 

  14. Nguyen, D.V., Nguyen, G.L., Nguyen, T.T., Ngo, A.H., Pham, G.T.: Minad: Multi-inputs neural network based on application structure for android malware detection. Peer-to-Peer Netw. Appl. 2, 1–15 (2021)

    Google Scholar 

  15. Yerima, S.Y., Sezer, S., Muttik, I.: Android malware detection using parallel machine learning classifiers. In 2014 Eighth international conference on next generation mobile apps, services and technologies, pages 37–42. IEEE, (2014)

  16. Singh, J., Singh, J.: A survey on machine learning-based malware detection in executable files. J. Syst. Architect. 112, 101861 (2021)

    Article  Google Scholar 

  17. Sharma, T., Rattan, D.: Malicious application detection in android-a systematic literature review. Comput. Sci. Rev. 40, 100373 (2021)

    Article  Google Scholar 

  18. Shen, T., Gao, C., Dawei, X.: The analysis of intelligent real-time image recognition technology based on mobile edge computing and deep learning. J. Real-Time Image Proc. 18, 1157–1166 (2021)

    Article  Google Scholar 

  19. Vasan, D., Alazab, M., Wassan, S., Naeem, H., Safaei, B., Zheng, Q.: Imcfn: Image-based malware classification using fine-tuned convolutional neural network architecture. Comput. Netw. 171, 107138 (2020)

    Article  Google Scholar 

  20. Saponara, S., Elhanashi, A., Gagliardi, A.: Implementing a real-time, ai-based, people detection and social distancing measuring system for covid-19. J. Real-Time Image Process. 2, 1–11 (2021)

    Google Scholar 

  21. Liang, X., Song, Y., Zhang, W., An, Y., Wang, Y., Ning, H.: An efficient foreign objects detection network for power substation. Image Vis. Comput. 109, 104159 (2021)

    Article  Google Scholar 

  22. Ding, P., Qian, H., Chu, S.: Slimyolov4: Lightweight object detector based on yolov4. J. Real-Time Image Proc. 19(3), 487–498 (2022)

    Article  Google Scholar 

  23. Chen, Z., Zhang, F., Liu, H., Wang, L., Zhang, Q., Guo, L.: Real-time detection algorithm of helmet and reflective vest based on improved yolov5. J. Real-Time Image Proc. 20(1), 4 (2023)

    Article  Google Scholar 

  24. Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security, pages 1–7, (2011)

  25. Ni, S., Qian, Q., Zhang, R.: Malware identification using visualization images and deep learning. Comput. Secur. 77, 871–885 (2018)

    Article  Google Scholar 

  26. Bensaoud, A., Abudawaood, N., Kalita, J.: Classifying malware images with convolutional neural network models. Int. J. Netw. Secur. 22(6), 1022–1031 (2020)

    Google Scholar 

  27. Lekssays, A., Falah, B., Abufardeh, S.: A novel approach for android malware detection and classification using convolutional neural networks. In ICSOFT, pages 606–614, (2020)

  28. Zhang, W., Luktarhan, N., Ding, C., Bei, L.: Android malware detection using tcn with bytecode image. Symmetry 13(7), 1107 (2021)

    Article  Google Scholar 

  29. Zhang, H., Qin, J., Zhang, B., Yan, H., Guo, J., Gao, F.: A multi-class detection system for android malicious apps based on color image features. In International Conference on Security and Privacy in New Computing Environments, pages 186–206. Springer, (2020)

  30. Vu, L.N., Jung, S.: Admat: A cnn-on-matrix approach to android malware detection and classification. IEEE Access 9, 39680–39694 (2021)

    Article  Google Scholar 

  31. Singh, J., Thakur, D., Ali, F., Gera, T., Kwak, K.S.: Deep feature extraction and classification of android malware images. Sensors 20(24), 7013 (2020)

    Article  Google Scholar 

  32. Kalash, M., Rochan, M., Mohammed, N., Bruce, N.D.B., Wang, Y., Iqbal, F.: Malware classification with deep convolutional neural networks. In 2018 9th IFIP international conference on new technologies, mobility and security (NTMS), pages 1–5. IEEE, (2018)

  33. Kumar, R., Xiaosong, Z., Khan, R.U., Ahad, I., Kumar, J.: Malicious code detection based on image processing using deep learning. In Proceedings of the 2018 International Conference on Computing and Artificial Intelligence, pages 81–85. ICCAI, (2018)

  34. Venkatraman, S., Alazab, M., Vinayakumar, R.: A hybrid deep learning image-based analysis for effective malware detection. J. Inform. Secur. Appl. 47, 377–389 (2019)

    Google Scholar 

  35. Vasan, D., Alazab, M., Wassan, S., Safaei, B., Zheng, Q.: Image-based malware classification using ensemble of cnn architectures (imcec). Comput. Secur. 92, 101748 (2020)

    Article  Google Scholar 

  36. Almomani, I., Alkhayer, A., El-Shafai, W.: An automated vision-based deep learning model for efficient detection of android malware attacks. IEEE Access, (2022)

  37. Kong, K., Zhang, Z., Yang, Z.-Y., Zhang, Z.: Fcscnn: Feature centralized siamese cnn-based android malware identification. Comput. Secur. 112, 102514 (2022)

    Article  Google Scholar 

  38. Yadav, P., Menon, N., Ravi, V., Vishvanathan, S., Pham, T.D.: Efficientnet convolutional neural networks-based android malware detection. Comput. Secur. 2, 102622 (2022)

    Article  Google Scholar 

  39. Naeem, H., Ullah, F., Naeem, M.R., Khalid, S., Vasan, D., Jabbar, S., Saeed, S.: Malware detection in industrial internet of things based on hybrid image visualization and deep learning model. Ad Hoc Netw. 105, 102154 (2020)

    Article  Google Scholar 

  40. Arslan, R.S., Tasyürek, M.: Amd-cnn: Android malware detection via feature graph and convolutional neural networks. Concurr. Comput. Pract. Exp. 34(23), 1–19 (2020)

    Google Scholar 

  41. LeCun, Y., Haffner, P., Bottou, L., Bengio, Y.: Object recognition with gradient-based learning. In: Shape, contour and grouping in computer vision, pp. 319–345. Springer, Berlin (1999)

    Chapter  Google Scholar 

  42. Paul, S., Singh, L., et al.: A review on advances in deep learning. In 2015 IEEE Workshop on Computational Intelligence: Theories, Applications and Future Directions (WCI), pages 1–6. IEEE, (2015)

  43. Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. Adv. Neural Inf. Process. Syst. 25, 2 (2012)

    Google Scholar 

  44. Alom, M.Z., Taha, T.M., Yakopcic, C., Westberg, S., Sidike, P., Nasrin, M.S., Hasan, M., Van Essen, B.C., Awwal, A.A.S., Asari, V.K.: A state-of-the-art survey on deep learning theory and architectures. Electronics 8(3), 292 (2019)

    Article  Google Scholar 

  45. Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, (2014)

  46. Samo, Z.: Object-detection-with-tensorflow-using-vgg16, (2020)

  47. Girshick, R., Donahue, J., Darrell, T., Malik, J.: Rich feature hierarchies for accurate object detection and semantic segmentation. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 580–587, (2014)

  48. Girshick, R.: Fast r-cnn. In Proceedings of the IEEE international conference on computer vision, pages 1440–1448, (2015)

  49. Ren, S., He, K., Girshick, R., Sun, J.: Faster r-cnn: Towards real-time object detection with region proposal networks. Adv. Neural. Inf. Process. Syst. 28, 91–99 (2015)

    Google Scholar 

  50. Chen, W., Huang, H., Peng, S., Zhou, C., Zhang, C.: Yolo-face: a real-time face detector. Vis. Comput. 37(4), 805–813 (2021)

    Article  Google Scholar 

  51. Taşyürek, M., Öztürk, C.: Ddl: Çoklu kapı numarası tespit etme ve kümeleme için derin öğrenme tabanlı yeni bir yaklaşım. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 37(2), 843–856 (2022)

    Article  Google Scholar 

  52. Moustapha, M., Tasyurek, M., Ozturk, C.: A novel yolov5 deep learning model for handwriting detection and recognition. Int. J. Artif. Intellig. Tools 2, 2 (2022)

    Google Scholar 

  53. Redmon, J., Divvala, S., Girshick, R., Farhadi, A.: You only look once: Unified, real-time object detection. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 779–788, (2016)

  54. Redmon, J., Farhadi, A.: Yolo9000: better, faster, stronger. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 7263–7271, (2017)

  55. Redmon, J., Farhadi, A.: Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767, (2018)

  56. Bochkovskiy, A., Wang, C.-Y., Liao, H.-Y.M.: Yolov4: Optimal speed and accuracy of object detection. arXiv preprint arXiv:2004.10934, (2020)

  57. Jocher, G., Nishimura, K., Mineeva, T., Vilariño, R.: Yolov5, 2020

  58. Jiang, P., Ergu, D., Liu, F., Cai, Y., Ma, B.: A review of yolo algorithm developments. Proc. Comput. Sci. 199, 1066–1073 (2022)

    Article  Google Scholar 

  59. Shweta Sharma, C., Krishna, R., Kumar, R.: Ransomdroid: Forensic analysis and detection of android ransomware using unsupervised machine learning technique. Forens. Sci. Int. Digital Investig. 37, 301168 (2021)

    Article  Google Scholar 

  60. Zhuang, F., Qi, Z., Duan, K., Xi, D., Zhu, Y., Zhu, H., Xiong, H., He, Q.: A comprehensive survey on transfer learning. Proc. IEEE 109(1), 43–76 (2020)

    Article  Google Scholar 

  61. Weiss, K., Khoshgoftaar, T.M., Wang, D.D.: A survey of transfer learning. J. Big data 3(1), 1–40 (2016)

    Article  Google Scholar 

  62. Rival, J.V., Mymoona, P., Vinoth, R., Mohan, A.M.V., Shibu, E.S.: Light-emitting atomically precise nanocluster-based flexible qr codes for anticounterfeiting. ACS Appl. Mater. Interf. 13(8), 10583–10593 (2021)

    Article  Google Scholar 

  63. Pan, J.-S., Liu, T., Yang, H.-M., Yan, B., Chu, S.-C., Zhu, T.: Visual cryptography scheme for secret color images with color qr codes. J. Vis. Commun. Image Represent. 82, 103405 (2022)

    Article  Google Scholar 

  64. Michael, S., Florian, E., Thomas, S., Felix, C.F., Hoffmann, J.: Mobilesandbox: Looking deeper into android applications. In Proceedings of the 28th International ACM Symposium on Applied Computing (SAC), (2013)

  65. Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy, pages 95–109. IEEE, (2012)

  66. Minar, M.R.: Imagenet training in pytorch, (2018)

  67. Rath, S.R.: Custom object detection using pytorch faster rcnn, (2021)

  68. Yiu, W.K.: Pytorch yolov4, (2021)

  69. Öztürk, C., Taşyürek, M., Türkdamar, M.U.: Transfer learning and fine-tuned transfer learning methods’ effectiveness analyse in the cnn-based deep learning models. Concurr. Comput. Pract. Exp. 35(4), e7542 (2023)

    Article  Google Scholar 

  70. Taşyürek, M.: Odrp: a new approach for spatial street sign detection from exif using deep learning-based object detection, distance estimation, rotation and projection system. Vis. Comput. 2, 1–21 (2023)

    Google Scholar 

  71. Ishida, T., Yamane, I., Sakai, T., Niu, G., Sugiyama, M.: Do we need zero training loss after achieving zero training error? arXiv preprint arXiv:2002.08709, (2020)

  72. Yongcan, Yu., Zhao, J., Gong, Q., Huang, C., Zheng, G., Ma, J.: Real-time underwater maritime object detection in side-scan sonar images based on transformer-yolov5. Remote Sens. 13(18), 3555 (2021)

    Article  Google Scholar 

  73. Yao, J., Qi, J., Zhang, J., Shao, H., Yang, J., Li, X.: A real-time detection algorithm for kiwifruit defects based on yolov5. Electronics 10(14), 1711 (2021)

    Article  Google Scholar 

Download references

Acknowledgements

This work has been supported by Kayseri University Scientific Research Projects Coordination Unit under grant number #FKB-2022-1092.

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Kayseri University, Kayseri, Turkey

    Murat Tasyurek & Recep Sinan Arslan

Authors
  1. Murat Tasyurek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Recep Sinan Arslan
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors contributed to the entire article.

Corresponding author

Correspondence to Murat Tasyurek.

Ethics declarations

Conflict of interest

The authors declare no competing interests. 

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tasyurek, M., Arslan, R.S. RT-Droid: a novel approach for real-time android application analysis with transfer learning-based CNN models. J Real-Time Image Proc 20, 55 (2023). https://doi.org/10.1007/s11554-023-01311-w

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11554-023-01311-w

Keywords

Search

Navigation