Sniffing Android Malware Using Deep Learning

Abstract

Android malware classification problem seems to have been solved with published AUC and F1 scores up to 0.99 or is it a facade, hiding an inherent problem? In this paper, we bring forward a novel method of recognising android malware using object-oriented software metrics-based dataset and deep learning. We realise that the real-world android malware is a minority class and its distribution according to 2017 Google’s android security report, and Miller et al. [17] is estimated to be about 8–12%. The malware distribution in our dataset of 93K samples spanning over three years is around 10.9%. In this study, four data-sampling methods, six feature selection techniques and five deep learning networks with varying hidden layers are used over the imbalanced dataset of 93K samples. A total of 120 different machine-learned models are developed, and its classification potential is compared using area under ROC curve (AUC) metric. Finally, a machine-learned model obtained using upscale sampling (USD) data-sampling method applying significant set of metrics (SGM) feature selection technique over deep learning network with two hidden layers (DL2) yields a better AUC value of 0.893681.