Detecting Android malware using Long Short-term Memory (LSTM)

Abstract

Long Short-term Memory (LSTM) is a sub set of recurrent neural network (RNN) which is specifically used to train to learn long-term temporal dynamics with sequences of arbitrary length. In this paper, long short-term memory (LSTM) architecture is followed for Android malware detection. The data set for evaluation contains real known benign and malware applications from static and dynamic analysis. To achieve acceptable malware detection rates with low computational cost, various LSTM network topologies with several network parameters are used on all extracted features. A stacked LSTM with 32 memory blocks containing one cell each has performed well on detection of all individual behaviors of malicious applications in comparison to other traditional static machine learning classifier. The architecture quantifies experimental results up to 1000 epochs with learning rate 0.1. This is primarily due to the reason that LSTM has the potential to store long-range dependencies across time-steps and to correlate with successive connection sequences information. The experiment achieved the Android malware detection of 0.939 on dynamic analysis and 0.975 on static analysis on well-known datasets.