۱- Introduction

۲- Related work

۳- Methodology and experiments

۴- Experimental results and discussions

۵- Conclusion

References

Abstract

The Android operating system has been the most popular for smartphones and tablets since 2012. This popularity has led to a rapid raise of Android malware in recent years. The sophistication of Android malware obfuscation and detection avoidance methods have significantly improved, making many traditional malware detection methods obsolete. In this paper, we propose DL-Droid, a deep learning system to detect malicious Android applications through dynamic analysis using stateful input generation. Experiments performed with over 30,000 applications (benign and malware) on real devices are presented. Furthermore, experiments were also conducted to compare the detection performance and code coverage of the stateful input generation method with the commonly used stateless approach using the deep learning system. Our study reveals that DL-Droid can achieve up to 97.8% detection rate (with dynamic features only) and 99.6% detection rate (with dynamic + static features) respectively which outperforms traditional machine learning techniques. Furthermore, the results highlight the significance of enhanced input generation for dynamic analysis as DL-Droid with the state-based input generation is shown to outperform the existing state-of-the-art approaches.

Introduction

Android operating system, which is provided by Google, is predicted to continue have a dramatic increase in the market with around 1.5 billion Android-based devices to be shipped by 2021 sta. It is currently leading the mobile OS market with over 80% market share compared to iOS, Windows, Blackberry, and Symbian OS. The availability of diverse Android markets such as Google Play, the official store, and third-party markets makes Android devices a popular target to not only legitimate developers, but also malware developers. Over one billion devices have been sold and more than 65 billion downloads have been made from Google Play (Smartphone, 0000). Android apps can be found in different categories, such as educational apps, gaming apps, social media apps, entertainment apps, banking apps, etc. As a technology that is open source and widely adopted, Android is facing many challenges especially with malicious applications. The malware infected apps have the ability to send text mes-sages to premium rate numbers without the user acknowledgment, gain access to private data, or even install code that can download and execute additional malware on the victim’s device. The malware can also be used to create mobile botnets (Anagnostopoulos et al., 2016). Over the last few years, the number of malware samples attacking Android has significantly increased. According to a recent report from McAfee, over 2.5 million new Android malware apps were discovered in 2017, thus increasing the number of mobile malware samples in the wild to almost 25 million in 2017 (McA, 0000).