BlockDroid: detection of Android malware from images using lightweight convolutional neural network models with ensemble learning and blockchain for mobile devices.

IF 3.5 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

PeerJ Computer Science Pub Date : 2025-05-30 eCollection Date: 2025-01-01 DOI:10.7717/peerj-cs.2918

Emre Şafak, İbrahim Alper Doğru, Necaattin Barışçı, İsmail Atacak

{"title":"BlockDroid: detection of Android malware from images using lightweight convolutional neural network models with ensemble learning and blockchain for mobile devices.","authors":"Emre Şafak, İbrahim Alper Doğru, Necaattin Barışçı, İsmail Atacak","doi":"10.7717/peerj-cs.2918","DOIUrl":null,"url":null,"abstract":"<p><p>Due to the increase in the volume and diversity of malware targeting Android systems, research on detecting this harmful software is steadily growing. Traditional malware detection studies require significant human intervention and resource consumption to analyze all malware files. Moreover, malware developers have developed polymorphism and code obfuscation techniques to evade traditional signature-based detection approaches used by antivirus companies. Consequently, traditional methods have become increasingly inadequate for malware detection. So far, many machine learning methods have been successfully applied to address the issue of malware detection. Recent efforts in this area have turned to deep learning methods. Because these methods can automatically extract meaningful features from data and efficiently learn complex relationships, they can achieve better performance in malware detection as well as in solving many other problems. This article presents BlockDroid, an approach that combines convolutional neural network (CNN) models, ensemble learning, and blockchain technology to increase the accuracy and efficiency of malware detection for mobile devices. By converting Android DEX files into image data, BlockDroid leverages the superior image analysis capabilities of CNN models to discern patterns indicative of malware. The CICMalDroid 2020 dataset, comprising 13,077 applications, was utilized to create a balanced dataset of 3,590 images, with an equal number of benign and malware instances. The proposed detection system was developed using lightweight models, including EfficientNetB0, MobileNetV2, and a custom model as CNN models. Experimental studies were conducted by applying both individual models and the proposed BlockDroid system to our dataset. The empirical results illustrate that BlockDroid surpasses the performance of the individual models, demonstrating a substantial accuracy rate of 97.38%. Uniquely, BlockDroid integrates blockchain technology to record the predictions made by the malware detection model, thereby eliminating the need for re-analysis of previously evaluated applications and ensuring more efficient resource utilization. Our approach offers a promising and innovative strategy for effective and efficient Android malware detection.</p>","PeriodicalId":54224,"journal":{"name":"PeerJ Computer Science","volume":"11 ","pages":"e2918"},"PeriodicalIF":3.5000,"publicationDate":"2025-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12192715/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PeerJ Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.7717/peerj-cs.2918","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/1/1 0:00:00","PubModel":"eCollection","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Due to the increase in the volume and diversity of malware targeting Android systems, research on detecting this harmful software is steadily growing. Traditional malware detection studies require significant human intervention and resource consumption to analyze all malware files. Moreover, malware developers have developed polymorphism and code obfuscation techniques to evade traditional signature-based detection approaches used by antivirus companies. Consequently, traditional methods have become increasingly inadequate for malware detection. So far, many machine learning methods have been successfully applied to address the issue of malware detection. Recent efforts in this area have turned to deep learning methods. Because these methods can automatically extract meaningful features from data and efficiently learn complex relationships, they can achieve better performance in malware detection as well as in solving many other problems. This article presents BlockDroid, an approach that combines convolutional neural network (CNN) models, ensemble learning, and blockchain technology to increase the accuracy and efficiency of malware detection for mobile devices. By converting Android DEX files into image data, BlockDroid leverages the superior image analysis capabilities of CNN models to discern patterns indicative of malware. The CICMalDroid 2020 dataset, comprising 13,077 applications, was utilized to create a balanced dataset of 3,590 images, with an equal number of benign and malware instances. The proposed detection system was developed using lightweight models, including EfficientNetB0, MobileNetV2, and a custom model as CNN models. Experimental studies were conducted by applying both individual models and the proposed BlockDroid system to our dataset. The empirical results illustrate that BlockDroid surpasses the performance of the individual models, demonstrating a substantial accuracy rate of 97.38%. Uniquely, BlockDroid integrates blockchain technology to record the predictions made by the malware detection model, thereby eliminating the need for re-analysis of previously evaluated applications and ensuring more efficient resource utilization. Our approach offers a promising and innovative strategy for effective and efficient Android malware detection.

查看原文本刊更多论文

BlockDroid：从图像中检测Android恶意软件，使用轻量级卷积神经网络模型与集成学习和区块链移动设备。

由于针对Android系统的恶意软件数量和多样性的增加，检测这种有害软件的研究正在稳步增长。传统的恶意软件检测研究需要大量的人工干预和资源消耗来分析所有恶意软件文件。此外，恶意软件开发人员已经开发了多态性和代码混淆技术，以逃避反病毒公司使用的传统基于签名的检测方法。因此，传统的方法已经越来越不适合恶意软件检测。到目前为止，许多机器学习方法已经成功地应用于解决恶意软件检测问题。最近在这一领域的努力转向了深度学习方法。由于这些方法可以自动从数据中提取有意义的特征，并有效地学习复杂的关系，因此它们可以在恶意软件检测以及解决许多其他问题方面取得更好的性能。本文介绍了BlockDroid，一种结合卷积神经网络（CNN）模型、集成学习和区块链技术的方法，以提高移动设备恶意软件检测的准确性和效率。通过将Android DEX文件转换为图像数据，BlockDroid利用CNN模型优越的图像分析能力来识别恶意软件的模式。CICMalDroid 2020数据集包含13077个应用程序，用于创建包含3590个图像的平衡数据集，其中良性和恶意实例的数量相等。所提出的检测系统是使用轻量级模型开发的，包括EfficientNetB0、MobileNetV2和一个自定义模型作为CNN模型。通过将单个模型和提出的BlockDroid系统应用于我们的数据集进行了实验研究。实证结果表明，BlockDroid超越了单个模型的性能，准确率达到了97.38%。独特的是，BlockDroid集成了区块链技术来记录恶意软件检测模型所做的预测，从而消除了对先前评估的应用程序进行重新分析的需要，并确保更有效的资源利用。我们的方法为有效和高效的Android恶意软件检测提供了一种有前途的创新策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

PeerJ Computer Science Computer Science-General Computer Science

CiteScore

6.10

自引率

5.30%

发文量

332

审稿时长

10 weeks

期刊介绍： PeerJ Computer Science is the new open access journal covering all subject areas in computer science, with the backing of a prestigious advisory board and more than 300 academic editors.