Android Malware Detection and Classification Based on Network Traffic Using Deep Learning

M. Gohari, S. Hashemi, Lida Abdi
Published in: 2021 7th International Conference on Web Research (ICWR)
Publication date: 2021-05-19
DOI: 10.1109/ICWR51868.2021.9443025 (https://doi.org/10.1109/ICWR51868.2021.9443025)
Citations: 12

Abstract

The number of smartphone users in the world has grown significantly, and attacks against these devices have increased. Many protection techniques for Android malware detection have been proposed; however, most of them lack early detection of malware. Hence, there is an intense need to expand a mechanism to identify malicious programs before utilizing the data. Moreover, achieving high accuracy in detecting Android malware traffic is another critical problem. This research proposes a deep learning framework using network traffic features to detect Android malware. Commonly, machine learning algorithms need data preprocessing, but these preprocessing phases are time-consuming. Deep learning techniques remove the need for data preprocessing, and they perform well on malware detection problems. We extract local features from network flows by using a one-dimensional CNN and employ an LSTM to detect the sequential relationship between the considerable features. We utilize a real-world dataset, CICAndMal2017, with network traffic features to identify Android malware. Our model achieves accuracies of 99.79, 98.90%, and 97.29%, respectively, in the binary, category, and family classification scenarios.