Abstract
Today, the number, type and complexity of malware is increasing rapidly. Convolution neural network (CNN) based networks continue to be used in software classification based on image. In this study, a CNN model named Real Time-Droid(RT-Droid), which has a very fast malware detection capability and works based on YOLO V5, is introduced. RT-Droid detects android malware with high accuracy and performs this process at near real-time speed. For this process, firstly the features in the android manifest file are extracted and converted to an image in RGB format similar to QR code. Thus, images become processed by CNN-based deep learning models. These images were used to train VGGNet, Faster R-CNN, YOLO V4 and V5 models with the transfer learning technique. The android malware detection performances of the obtained trained models (weights) were examined. In the tests performed with Drebin, Genome and Arslan dataset, the precision value is 98.3%, while the F-score value is 97.0%. In obtaining these values, only 0.019 s per application was needed for analysis. It also requires 25 times less memory space compared to a gray-scale image. Since the small images of the YOLO V5 model can detect objects with very high accuracy and in real time, it provides serious efficiency in processing time. We also compared the results with VGGNet, Faster R-CNN and YOLO V4, which are commonly used CNN models for object detection, and show that it yields results at a higher rate and at least 5.5 times faster than similarly trained networks. Our method detects hacker-generated Android malware very quickly and with high accuracy, while being robust against obfuscated apps.
Similar content being viewed by others
Data Availability
Malicious: The data that support the findings of this study are available in Drebin at https://www.sec.cs.tu-bs.de/~danarp/drebin/ and http://www.malgenomeproject.org/, reference number Arp et al. (2014) and Genome Zhou and Jiang (2012). These data were derived from the following resources available in the public domain: https://www.sec.cs.tu-bs.de/~danarp/drebin/ and http://www.malgenomeproject.org/. Benign: The data that support the findings of this study are available from the corresponding author upon reasonable request.
References
Statcounter. Mobile operating system market share worldwide(apr 2021-apr 2022), (2022)
Shishkova, T., Kıvya, A.: Mobile malware evolution 2021, (2022)
Jovanovic, B.: A not so common cold: Malware statistics in 2022, (2022)
Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Dl-droid: Deep learning based android malware detection using real devices. Comput. Secur. 89, 101663 (2020)
Mahdavifar, S., Alhadidi, D., Ghorbani, A., et al.: Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J. Netw. Syst. Manag. 30(1), 1–34 (2022)
Tripathi, V., Mittal, A., Gangodkar, D., Kanth, V.: Real time security framework for detecting abnormal events at atm installations. J. Real-Time Image Proc. 16, 535–545 (2019)
Samangouei, P., Patel, V.M., Chellappa, R.: Facial attributes for active authentication on mobile devices. Image Vis. Comput. 58, 181–192 (2017)
Arslan, R.S.: Androanalyzer: android malicious software detection based on deep learning. PeerJ Comput. Sci. 7, e533 (2021)
Liu, K., Shengwei, X., Guoai, X., Zhang, M., Sun, D., Liu, H.: A review of android malware detection approaches based on machine learning. IEEE Access 8, 124579–124607 (2020)
Venkatraman, S., Alazab, M.: Use of data visualisation for zero-day malware detection. Secur. Commun. Netw. 20, 18 (2018)
Qiu, J., Zhang, J., Luo, W., Pan, L., Nepal, S., Xiang, Y.: A survey of android malware detection with deep neural models. ACM Comput. Surv. (CSUR) 53(6), 1–36 (2020)
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: Effective and explainable detection of android malware in your pocket. In Ndss, volume 14, pages 23–26, (2014)
Wang, L., Gao, Y., Gao, S., Yong, X.: A new feature selection method based on a self-variant genetic algorithm applied to android malware detection. Symmetry 13(7), 1290 (2021)
Nguyen, D.V., Nguyen, G.L., Nguyen, T.T., Ngo, A.H., Pham, G.T.: Minad: Multi-inputs neural network based on application structure for android malware detection. Peer-to-Peer Netw. Appl. 2, 1–15 (2021)
Yerima, S.Y., Sezer, S., Muttik, I.: Android malware detection using parallel machine learning classifiers. In 2014 Eighth international conference on next generation mobile apps, services and technologies, pages 37–42. IEEE, (2014)
Singh, J., Singh, J.: A survey on machine learning-based malware detection in executable files. J. Syst. Architect. 112, 101861 (2021)
Sharma, T., Rattan, D.: Malicious application detection in android-a systematic literature review. Comput. Sci. Rev. 40, 100373 (2021)
Shen, T., Gao, C., Dawei, X.: The analysis of intelligent real-time image recognition technology based on mobile edge computing and deep learning. J. Real-Time Image Proc. 18, 1157–1166 (2021)
Vasan, D., Alazab, M., Wassan, S., Naeem, H., Safaei, B., Zheng, Q.: Imcfn: Image-based malware classification using fine-tuned convolutional neural network architecture. Comput. Netw. 171, 107138 (2020)
Saponara, S., Elhanashi, A., Gagliardi, A.: Implementing a real-time, ai-based, people detection and social distancing measuring system for covid-19. J. Real-Time Image Process. 2, 1–11 (2021)
Liang, X., Song, Y., Zhang, W., An, Y., Wang, Y., Ning, H.: An efficient foreign objects detection network for power substation. Image Vis. Comput. 109, 104159 (2021)
Ding, P., Qian, H., Chu, S.: Slimyolov4: Lightweight object detector based on yolov4. J. Real-Time Image Proc. 19(3), 487–498 (2022)
Chen, Z., Zhang, F., Liu, H., Wang, L., Zhang, Q., Guo, L.: Real-time detection algorithm of helmet and reflective vest based on improved yolov5. J. Real-Time Image Proc. 20(1), 4 (2023)
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security, pages 1–7, (2011)
Ni, S., Qian, Q., Zhang, R.: Malware identification using visualization images and deep learning. Comput. Secur. 77, 871–885 (2018)
Bensaoud, A., Abudawaood, N., Kalita, J.: Classifying malware images with convolutional neural network models. Int. J. Netw. Secur. 22(6), 1022–1031 (2020)
Lekssays, A., Falah, B., Abufardeh, S.: A novel approach for android malware detection and classification using convolutional neural networks. In ICSOFT, pages 606–614, (2020)
Zhang, W., Luktarhan, N., Ding, C., Bei, L.: Android malware detection using tcn with bytecode image. Symmetry 13(7), 1107 (2021)
Zhang, H., Qin, J., Zhang, B., Yan, H., Guo, J., Gao, F.: A multi-class detection system for android malicious apps based on color image features. In International Conference on Security and Privacy in New Computing Environments, pages 186–206. Springer, (2020)
Vu, L.N., Jung, S.: Admat: A cnn-on-matrix approach to android malware detection and classification. IEEE Access 9, 39680–39694 (2021)
Singh, J., Thakur, D., Ali, F., Gera, T., Kwak, K.S.: Deep feature extraction and classification of android malware images. Sensors 20(24), 7013 (2020)
Kalash, M., Rochan, M., Mohammed, N., Bruce, N.D.B., Wang, Y., Iqbal, F.: Malware classification with deep convolutional neural networks. In 2018 9th IFIP international conference on new technologies, mobility and security (NTMS), pages 1–5. IEEE, (2018)
Kumar, R., Xiaosong, Z., Khan, R.U., Ahad, I., Kumar, J.: Malicious code detection based on image processing using deep learning. In Proceedings of the 2018 International Conference on Computing and Artificial Intelligence, pages 81–85. ICCAI, (2018)
Venkatraman, S., Alazab, M., Vinayakumar, R.: A hybrid deep learning image-based analysis for effective malware detection. J. Inform. Secur. Appl. 47, 377–389 (2019)
Vasan, D., Alazab, M., Wassan, S., Safaei, B., Zheng, Q.: Image-based malware classification using ensemble of cnn architectures (imcec). Comput. Secur. 92, 101748 (2020)
Almomani, I., Alkhayer, A., El-Shafai, W.: An automated vision-based deep learning model for efficient detection of android malware attacks. IEEE Access, (2022)
Kong, K., Zhang, Z., Yang, Z.-Y., Zhang, Z.: Fcscnn: Feature centralized siamese cnn-based android malware identification. Comput. Secur. 112, 102514 (2022)
Yadav, P., Menon, N., Ravi, V., Vishvanathan, S., Pham, T.D.: Efficientnet convolutional neural networks-based android malware detection. Comput. Secur. 2, 102622 (2022)
Naeem, H., Ullah, F., Naeem, M.R., Khalid, S., Vasan, D., Jabbar, S., Saeed, S.: Malware detection in industrial internet of things based on hybrid image visualization and deep learning model. Ad Hoc Netw. 105, 102154 (2020)
Arslan, R.S., Tasyürek, M.: Amd-cnn: Android malware detection via feature graph and convolutional neural networks. Concurr. Comput. Pract. Exp. 34(23), 1–19 (2020)
LeCun, Y., Haffner, P., Bottou, L., Bengio, Y.: Object recognition with gradient-based learning. In: Shape, contour and grouping in computer vision, pp. 319–345. Springer, Berlin (1999)
Paul, S., Singh, L., et al.: A review on advances in deep learning. In 2015 IEEE Workshop on Computational Intelligence: Theories, Applications and Future Directions (WCI), pages 1–6. IEEE, (2015)
Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. Adv. Neural Inf. Process. Syst. 25, 2 (2012)
Alom, M.Z., Taha, T.M., Yakopcic, C., Westberg, S., Sidike, P., Nasrin, M.S., Hasan, M., Van Essen, B.C., Awwal, A.A.S., Asari, V.K.: A state-of-the-art survey on deep learning theory and architectures. Electronics 8(3), 292 (2019)
Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, (2014)
Samo, Z.: Object-detection-with-tensorflow-using-vgg16, (2020)
Girshick, R., Donahue, J., Darrell, T., Malik, J.: Rich feature hierarchies for accurate object detection and semantic segmentation. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 580–587, (2014)
Girshick, R.: Fast r-cnn. In Proceedings of the IEEE international conference on computer vision, pages 1440–1448, (2015)
Ren, S., He, K., Girshick, R., Sun, J.: Faster r-cnn: Towards real-time object detection with region proposal networks. Adv. Neural. Inf. Process. Syst. 28, 91–99 (2015)
Chen, W., Huang, H., Peng, S., Zhou, C., Zhang, C.: Yolo-face: a real-time face detector. Vis. Comput. 37(4), 805–813 (2021)
Taşyürek, M., Öztürk, C.: Ddl: Çoklu kapı numarası tespit etme ve kümeleme için derin öğrenme tabanlı yeni bir yaklaşım. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 37(2), 843–856 (2022)
Moustapha, M., Tasyurek, M., Ozturk, C.: A novel yolov5 deep learning model for handwriting detection and recognition. Int. J. Artif. Intellig. Tools 2, 2 (2022)
Redmon, J., Divvala, S., Girshick, R., Farhadi, A.: You only look once: Unified, real-time object detection. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 779–788, (2016)
Redmon, J., Farhadi, A.: Yolo9000: better, faster, stronger. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 7263–7271, (2017)
Redmon, J., Farhadi, A.: Yolov3: An incremental improvement. arXiv preprint arXiv:1804.02767, (2018)
Bochkovskiy, A., Wang, C.-Y., Liao, H.-Y.M.: Yolov4: Optimal speed and accuracy of object detection. arXiv preprint arXiv:2004.10934, (2020)
Jocher, G., Nishimura, K., Mineeva, T., Vilariño, R.: Yolov5, 2020
Jiang, P., Ergu, D., Liu, F., Cai, Y., Ma, B.: A review of yolo algorithm developments. Proc. Comput. Sci. 199, 1066–1073 (2022)
Shweta Sharma, C., Krishna, R., Kumar, R.: Ransomdroid: Forensic analysis and detection of android ransomware using unsupervised machine learning technique. Forens. Sci. Int. Digital Investig. 37, 301168 (2021)
Zhuang, F., Qi, Z., Duan, K., Xi, D., Zhu, Y., Zhu, H., Xiong, H., He, Q.: A comprehensive survey on transfer learning. Proc. IEEE 109(1), 43–76 (2020)
Weiss, K., Khoshgoftaar, T.M., Wang, D.D.: A survey of transfer learning. J. Big data 3(1), 1–40 (2016)
Rival, J.V., Mymoona, P., Vinoth, R., Mohan, A.M.V., Shibu, E.S.: Light-emitting atomically precise nanocluster-based flexible qr codes for anticounterfeiting. ACS Appl. Mater. Interf. 13(8), 10583–10593 (2021)
Pan, J.-S., Liu, T., Yang, H.-M., Yan, B., Chu, S.-C., Zhu, T.: Visual cryptography scheme for secret color images with color qr codes. J. Vis. Commun. Image Represent. 82, 103405 (2022)
Michael, S., Florian, E., Thomas, S., Felix, C.F., Hoffmann, J.: Mobilesandbox: Looking deeper into android applications. In Proceedings of the 28th International ACM Symposium on Applied Computing (SAC), (2013)
Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy, pages 95–109. IEEE, (2012)
Minar, M.R.: Imagenet training in pytorch, (2018)
Rath, S.R.: Custom object detection using pytorch faster rcnn, (2021)
Yiu, W.K.: Pytorch yolov4, (2021)
Öztürk, C., Taşyürek, M., Türkdamar, M.U.: Transfer learning and fine-tuned transfer learning methods’ effectiveness analyse in the cnn-based deep learning models. Concurr. Comput. Pract. Exp. 35(4), e7542 (2023)
Taşyürek, M.: Odrp: a new approach for spatial street sign detection from exif using deep learning-based object detection, distance estimation, rotation and projection system. Vis. Comput. 2, 1–21 (2023)
Ishida, T., Yamane, I., Sakai, T., Niu, G., Sugiyama, M.: Do we need zero training loss after achieving zero training error? arXiv preprint arXiv:2002.08709, (2020)
Yongcan, Yu., Zhao, J., Gong, Q., Huang, C., Zheng, G., Ma, J.: Real-time underwater maritime object detection in side-scan sonar images based on transformer-yolov5. Remote Sens. 13(18), 3555 (2021)
Yao, J., Qi, J., Zhang, J., Shao, H., Yang, J., Li, X.: A real-time detection algorithm for kiwifruit defects based on yolov5. Electronics 10(14), 1711 (2021)
Acknowledgements
This work has been supported by Kayseri University Scientific Research Projects Coordination Unit under grant number #FKB-2022-1092.
Author information
Authors and Affiliations
Contributions
All authors contributed to the entire article.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Tasyurek, M., Arslan, R.S. RT-Droid: a novel approach for real-time android application analysis with transfer learning-based CNN models. J Real-Time Image Proc 20, 55 (2023). https://doi.org/10.1007/s11554-023-01311-w
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11554-023-01311-w