Detection of android adware using transfer learning with computer vision.
Date
 2023 
Authors
Katutwa, Kabombo
Journal Title
Journal ISSN
Volume Title
Publisher
 The University of Zambia 
Abstract
 Android malware is a dominant threat category for consumers with a vast majority of 
this malware being Adware. Adware is a type of malware that displays unsolicited 
pop-up advertisements that are used to generate revenue and can also lead to 
installation of trojan horses, spyware, and other malicious software. Over the recent 
years there has been an increase in the number and complexity evasive malware, 
especially Adware. Despite this, there has not been a lot of focus put on the Adware 
malware family. Malware authors are using obfuscation techniques to make their 
malware difficult to detect using conventional static and dynamic methods of 
analysis, this has led to the rapid adoption of artificial intelligence and machine 
learning approaches to overcome these challenges. Malware binaries can be
visualized as images, with the observation that for many malware families, the 
images belonging to the same family appear very similar in layout and texture. These 
images can then be used as input to train deep neural networks to detection malware.
The goal of this research is to detect android Adware using visual representation of 
an android application package (APK) Dalvik Executable (DEX) file and providing 
it as an input image to a pre-trained neural network can successfully detect android 
Adware apps. Using the CICMalDroid2020 dataset obtained from the University of 
New Brunswick Canadian Institute of Cybersecurity as training, validation and test 
datasets for my experiments, the DEX files in each APK file are first extracted from 
the APK files and then converted to grayscale images. The obtained images are then 
applied as input to deep neural networks that use selected pre-trained models namely 
VGG16, ResNet50, InceptionV3, EfficientNet v2 and MobileNet v2 to detect 
android Adware. Using the confusion matrix to calculate each model’s accuracy, 
recall, precision, and f-1 score, the performance results of each trained model are 
compared amongst all the models used in this research. The highest performance 
measurement of 92 % detection rate on the f1- score performance metric was
achieved by the MobileNet v2 model. The results obtained in my research reveal that 
computer vision and transfer learning perform adequately in the detection of android 
Adware apps from benign apps.
Keywords: Android Adware, Computer Vision, Deep learning, pre-trained model, 
Convolutional Neural Network (CNN), Transfer learning 
Description
 Thesis 
Keywords
 Neural networks (Computer science). , Convolutional Neural Network. , Computer vision. , Machine learning. , Deep learning (Machine learning).