Android’s dominance in the global mobile landscape has made it a prime target for increasingly evasive malware. While machine learning and deep learning have shown promise for Android malware detection, prior studies often evaluate isolated models or rely on narrow datasets, limiting real-world applicability. This paper proposes a unified experimental framework that benchmarks classical machine learning models and deep neural architectures using a hybrid dataset composed of both real-device and emulated Android malware. Features were carefully extracted and fused from static and dynamic sources to create a hybrid representation suitable for both lightweight classifiers and high-capacity deep networks. Seven models were evaluated, including Decision Tree, K-Nearest Neighbours, AdaBoost, Extra Trees, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and a hybrid CNN-LSTM architecture. The CNN-LSTM model achieved the highest detection accuracy of 99.82%, validating the need for combining spatial and temporal learning from static and behavioural malware characteristics. Our findings shed light on the balance that must be struck between making models interpretable, keeping computational requirements reasonable, and achieving strong detection performance. By examining these aspects together, we hope this work will serve as a useful reference point for researchers who are developing or evaluating hybrid approaches to Android malware detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Behavioural Analysis for Android Malware Detection: A Deep Learning Approach

  • Mayank Ashok,
  • Rahul Katarya

摘要

Android’s dominance in the global mobile landscape has made it a prime target for increasingly evasive malware. While machine learning and deep learning have shown promise for Android malware detection, prior studies often evaluate isolated models or rely on narrow datasets, limiting real-world applicability. This paper proposes a unified experimental framework that benchmarks classical machine learning models and deep neural architectures using a hybrid dataset composed of both real-device and emulated Android malware. Features were carefully extracted and fused from static and dynamic sources to create a hybrid representation suitable for both lightweight classifiers and high-capacity deep networks. Seven models were evaluated, including Decision Tree, K-Nearest Neighbours, AdaBoost, Extra Trees, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and a hybrid CNN-LSTM architecture. The CNN-LSTM model achieved the highest detection accuracy of 99.82%, validating the need for combining spatial and temporal learning from static and behavioural malware characteristics. Our findings shed light on the balance that must be struck between making models interpretable, keeping computational requirements reasonable, and achieving strong detection performance. By examining these aspects together, we hope this work will serve as a useful reference point for researchers who are developing or evaluating hybrid approaches to Android malware detection.