Affiliation:
1. Department of Computer Engineering, Faculty of Technology, Gazi University, Ankara 06560, Turkey
Abstract
Android phones are widely recognised as the most popular mobile phone operating system. Additionally, tasks like browsing the internet, taking pictures, making calls, and sending messages may be completed with ease in daily life because of the functionality that Android phones offer. The number of situations in which users are harmed by unauthorised access to data emerging from these processes is growing daily. Because the Android operating system is open source and generated applications are not thoroughly reviewed before being released onto the market, this scenario has been the primary focus of hackers. Therefore, technologies to distinguish between malware and benign Android applications are required. CNN-based techniques are proven to produce important and successful outcomes when applied to Android malware detection on images. The CICMalDroid 2020 dataset, which is currently utilised in the literature, was used for this purpose. The features of the apps in the dataset were obtained using the AndroPyTool tool, and faster analysis files of 17,089 Android applications were obtained using the parallel execution technique. Permissions, intents, receivers, and services were used as static analysis features in this article. After these features were obtained, as data preprocessing, the ones with a grand total equal to 1 for each feature in the whole dataset were excluded in order to exclude the features that were specially created by the applications themselves. For each of the features specified for each application, a comma-separated text was obtained according to the usage status of the application. The BERT method was used to digitise the pertinent texts in order to create a unique embedding vector for every feature. Following the digitisation of the vectors, picture files were produced based on the length of each feature. To create a single image file, these image files were combined side by side. Finally, these image files were classified with CNNs. Experimental results were obtained by applying CNNs to the dataset used in the study. As a result of the experiments, a CNN with two outputs provided the highest performance with an accuracy of 91%, an F1-score of 89%, a Recall of 90%, and a Precision of 91%.
Reference71 articles.
1. (2024, February 26). Android Security Paper 2023. Available online: https://services.google.com/fh/files/misc/android-enterprise-security-paper-2023.pdf?utm_medium=blog&utm_source=keyword&utm_content=cta-txt&utm_campaign=2023-oct-global-android_14_security-eng&utm_term=security.
2. (2024, February 26). Market Share of Mobile Operating Systems Worldwide 2009–2023. Available online: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/.
3. (2024, February 26). On-Device Protections. Available online: https://developers.google.com/android/play-protect/client-protections?hl=en.
4. (2024, February 26). Enhanced Google Play Protect Real-Time Scanning for App Installs. Available online: https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html.
5. Hammood, L., Doğru, İ.A., and Kılıç, K. (2023). Machine Learning-Based Adaptive Genetic Algorithm for Android Malware Detection in Auto-Driving Vehicles. Appl. Sci., 13.