Classification and Analysis of Android Malware Images Using Feature Fusion Technique

The super packed functionalities and artificial intelligence (AI)-powered applications have made the Android operating system a big player in the market. Android smartphones have become an integral part of life and users are reliant on their smart devices for making calls, sending text messages, navigation, games, and financial transactions to name a few. This evolution of the smartphone community has opened new horizons for malware developers. As malware variants are growing at a tremendous rate every year, there is an urgent need to combat against stealth malware techniques. This paper proposes a visualization and machine learning-based framework for classifying Android malware. Android malware applications from the DREBIN dataset were converted into grayscale images. In the first phase of the experiment, the proposed framework transforms Android malware into fifteen different image sections and identifies malware files by exploiting handcrafted features associated with Android malware images. The algorithms such as Gray Level Co-occurrence Matrix-based (GLCM), Global Image deScripTors (GIST), and Local Binary Pattern (LBP) are used to extract the handcrafted features from the image sections. The extracted features were further classified using machine learning algorithms like K-Nearest Neighbors, Support Vector Machines, and Random Forests. In the second phase of the experiment, handcrafted features were fused with CNN features to form the feature fusion strategy. The classification performance was evaluated against every malware image file section. The results obtained using the Feature Fusion strategy are compared with handcrafted features results. The experiment results conclude to the fact that Feature Fusion-SVM model is most suited for the identification and classification of Android malware using the certificate and Android Manifest (CR + AM) malware images. It attained an high accuracy of 93.24%.

[1]  Hyeran Jeon,et al.  CNN-Based Android Malware Detection , 2017, 2017 International Conference on Software Security and Assurance (ICSSA).

[2]  P. D. Zegzhda,et al.  Applying deep learning techniques for Android malware detection , 2018, SIN.

[3]  Liming Chen,et al.  Multi-scale Color Local Binary Patterns for Visual Object Classes Recognition , 2010, 2010 20th International Conference on Pattern Recognition.

[4]  Barath Narayanan Narayanan,et al.  Performance analysis of machine learning and pattern recognition algorithms for Malware classification , 2016, 2016 IEEE National Aerospace and Electronics Conference (NAECON) and Ohio Innovation Summit (OIS).

[5]  Liming Chen,et al.  Image region description using orthogonal combination of local binary patterns enhanced with color information , 2013, Pattern Recognit..

[6]  Mansour Ahmadi,et al.  DroidScribe: Classifying Android Malware Based on Runtime Behavior , 2016, 2016 IEEE Security and Privacy Workshops (SPW).

[7]  Hua Sun,et al.  Android malicious code Classification using Deep Belief Network , 2018, KSII Trans. Internet Inf. Syst..

[8]  Xusheng Xiao,et al.  An Image-Inspired and CNN-Based Android Malware Detection Approach , 2019, 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[9]  Aziz Makandar,et al.  Malware analysis and classification using Artificial Neural Network , 2015, 2015 International Conference on Trends in Automation, Communications and Computing Technology (I-TACT-15).

[10]  My Abdelouahed Sabri,et al.  Efficient fusion of handcrafted and pre-trained CNNs features to classify melanoma skin cancer , 2020, Multimedia Tools and Applications.

[11]  Aziz Makandar,et al.  Wavelet Statistical Feature based Malware Class Recognition and Classification using Supervised Learning Classifier , 2017 .

[12]  Wei Wang,et al.  Fingerprinting Android malware families , 2018, Frontiers of Computer Science.

[13]  Yang Wang,et al.  Malware Classification with Deep Convolutional Neural Networks , 2018, 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[14]  Howon Kim,et al.  Visualized Malware Classification Based-on Convolutional Neural Network , 2016 .

[15]  Parvez Faruki,et al.  A Semi-automated Approach for Identification of Trends in Android Ransomware Literature , 2020, MLN.

[16]  Jaiteg Singh,et al.  Deep Feature Extraction and Classification of Android Malware Images , 2020, Sensors.

[17]  Rajesh Kumar,et al.  Analysis of ResNet and GoogleNet models for malware detection , 2018, Journal of Computer Virology and Hacking Techniques.

[18]  Natalia Antropova,et al.  A deep feature fusion methodology for breast cancer diagnosis demonstrated on three imaging modality datasets , 2017, Medical physics.

[19]  Jinjun Chen,et al.  Detection of Malicious Code Variants Based on Deep Learning , 2018, IEEE Transactions on Industrial Informatics.

[20]  Fabio Martinelli,et al.  Evaluating Convolutional Neural Network for Effective Mobile Malware Detection , 2017, KES.

[21]  Chia-Mu Yu,et al.  R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections , 2017, 2018 IEEE International Conference on Big Data (Big Data).

[22]  Alireza Sadeghi,et al.  A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software , 2017, IEEE Transactions on Software Engineering.

[23]  Jaiteg Singh,et al.  Understanding Research Trends in Android Malware Research Using Information Modelling Techniques , 2021 .

[24]  Aziz Makandar,et al.  Malware class recognition using image processing techniques , 2017, 2017 International Conference on Data Management, Analytics and Innovation (ICDMAI).

[25]  Antonio Torralba,et al.  Modeling the Shape of the Scene: A Holistic Representation of the Spatial Envelope , 2001, International Journal of Computer Vision.

[26]  Yongmei Ren,et al.  Multi-Feature Fusion with Convolutional Neural Network for Ship Classification in Optical Images , 2019 .

[27]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[28]  Xiao Zhang,et al.  Android malware detection method based on bytecode image , 2020, Journal of Ambient Intelligence and Humanized Computing.

[29]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[30]  Shedden Masupe,et al.  Analysis of internet of things malware using image texture features and machine learning techniques , 2020, Internet Things.

[31]  Cheng-Jian Lin,et al.  Using Feature Fusion and Parameter Optimization of Dual-input Convolutional Neural Network for Face Gender Recognition , 2020 .

[32]  Rui Zhang,et al.  Malware identification using visualization images and deep learning , 2018, Comput. Secur..

[33]  Jaiteg Singh,et al.  Android Anti-malware Techniques and Its Vulnerabilities: A Survey , 2019 .

[34]  Youngsoo Kim,et al.  Malware detection using malware image and deep learning , 2017, 2017 International Conference on Information and Communication Technology Convergence (ICTC).

[35]  Guanghui Liang,et al.  Image classification for malware detection using extremely randomized trees , 2017, 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID).

[36]  Wei Wang,et al.  Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network , 2018, Journal of Ambient Intelligence and Humanized Computing.

[37]  Muhammad Ghulam,et al.  Multi-CNN Feature Fusion for Efficient EEG Classification , 2020, 2020 IEEE International Conference on Multimedia & Expo Workshops (ICMEW).

[38]  Gyu Sang Choi,et al.  Wireless Capsule Endoscopy Bleeding Images Classification Using CNN Based Model , 2021, IEEE Access.

[39]  Srinivas Mukkamala,et al.  Image visualization based malware detection , 2013, 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[40]  Abien Fred Agarap,et al.  Towards Building an Intelligent Anti-Malware System: A Deep Learning Approach using Support Vector Machine (SVM) for Malware Classification , 2017, ArXiv.

[41]  B. S. Manjunath,et al.  Malware images: visualization and automatic classification , 2011, VizSec '11.

[42]  Antonio Torralba,et al.  Building the gist of a scene: the role of global image features in recognition. , 2006, Progress in brain research.

[43]  Volodymyr I. Ponomaryov,et al.  Melanoma and Nevus Skin Lesion Classification Using Handcraft and Deep Learning Feature Fusion via Mutual Information Measures , 2020, Entropy.

[44]  Deepak Thakur Classification of Android Malware using its Image Sections , 2020 .

[45]  Henning Müller,et al.  Late fusion of deep learning and handcrafted visual features for biomedical image modality classification , 2019, IET Image Process..

[46]  Hung-Min Sun,et al.  An Android mutation malware detection based on deep learning using visualization of importance from codes , 2019 .

[47]  Farhan Ullah,et al.  Malware detection in industrial internet of things based on hybrid image visualization and deep learning model , 2020, Ad Hoc Networks.

[48]  Dan Chia-Tien Lo,et al.  Binary malware image classification using machine learning with local binary pattern , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[49]  Nor Badrul Anuar,et al.  The rise of "malware": Bibliometric analysis of malware study , 2016, J. Netw. Comput. Appl..