Detection of android adware using transfer learning with computer vision.
Loading...
Date
2023
Authors
Katutwa, Kabombo
Journal Title
Journal ISSN
Volume Title
Publisher
The University of Zambia
Abstract
Android malware is a dominant threat category for consumers with a vast majority of
this malware being Adware. Adware is a type of malware that displays unsolicited
pop-up advertisements that are used to generate revenue and can also lead to
installation of trojan horses, spyware, and other malicious software. Over the recent
years there has been an increase in the number and complexity evasive malware,
especially Adware. Despite this, there has not been a lot of focus put on the Adware
malware family. Malware authors are using obfuscation techniques to make their
malware difficult to detect using conventional static and dynamic methods of
analysis, this has led to the rapid adoption of artificial intelligence and machine
learning approaches to overcome these challenges. Malware binaries can be
visualized as images, with the observation that for many malware families, the
images belonging to the same family appear very similar in layout and texture. These
images can then be used as input to train deep neural networks to detection malware.
The goal of this research is to detect android Adware using visual representation of
an android application package (APK) Dalvik Executable (DEX) file and providing
it as an input image to a pre-trained neural network can successfully detect android
Adware apps. Using the CICMalDroid2020 dataset obtained from the University of
New Brunswick Canadian Institute of Cybersecurity as training, validation and test
datasets for my experiments, the DEX files in each APK file are first extracted from
the APK files and then converted to grayscale images. The obtained images are then
applied as input to deep neural networks that use selected pre-trained models namely
VGG16, ResNet50, InceptionV3, EfficientNet v2 and MobileNet v2 to detect
android Adware. Using the confusion matrix to calculate each model’s accuracy,
recall, precision, and f-1 score, the performance results of each trained model are
compared amongst all the models used in this research. The highest performance
measurement of 92 % detection rate on the f1- score performance metric was
achieved by the MobileNet v2 model. The results obtained in my research reveal that
computer vision and transfer learning perform adequately in the detection of android
Adware apps from benign apps.
Keywords: Android Adware, Computer Vision, Deep learning, pre-trained model,
Convolutional Neural Network (CNN), Transfer learning
Description
Thesis
Keywords
Neural networks (Computer science). , Convolutional Neural Network. , Computer vision. , Machine learning. , Deep learning (Machine learning).