Android malware detection via multi-feature fusion of permission vectors and BiLSTM-modeled API sequences
摘要
With the widespread popularity of android device and its application, it has becomes a source of target for malware authors. They explore opportunities in vulnerabilities of android devices and its application for their own benefits. Amongs all, android application becomes source to float malicious activities like stealing, spoofing and modifying the information remotely without knowledge of the user consent and disturb their privacy and services in large extent. It has been demonstrated in earlier studies that conventional machine learning is not effective in detecting zero day malware. As security systems have improved, malware authors have also employed sophisticated malware tactics including obfuscation, encryption, and polymorphism in various ways for various purposes. We devised a strong hybrid model that combines Bidirectional Long Short Term Memory (Bi-LSTM) and Multi Layer Perceptron (MLP) to make the system robust. We used both permissions and Application Program Interfaces (API) sequence features to train hybrid model on advanced and updated dataset like TUANDROMD and DREBIN. In this study, we map functionality with permissions, because similar functionality requires similar set of permissions and API sequences are used to identify sequence of operations to fulfill its objectives. We have employed the TensorFlow Keras Tuner to improve the model’s performance. After multiple experiments, the malware detection system achieved a 99.71% F1-Score.