AMD-CNN: Android malware detection via feature graph and convolutional neural networks

Android malware has become a serious threat to mobile device users, and effective detection and defence architectures are needed to solve this problem. Recently, machine learning techniques have been widely used to deal with Android malicious apps. These methods are based on a simple feature set and have difficulty detecting up-to-date malware. Therefore, more robust and efficient classification methodologies are needed. In this article, AMD-CNN, an Android malware detection tool, is proposed, and it uses graphical representations to detect malicious apks. In the first step, the features related to the androidmanifest.xml file are extracted and converted into a vector consisting of one or zero. The feature vector is then converted to 2D-code images and used in training the CNN network. The model needs low-resource consumption to run on mobile devices and allow real-time applications to be analyzed. The experiments with 1920 malicious and benign apks show that the malware detection rate (accuracy) was 96.2% and precision, recall, and F-score values were 97.9%, 98.2%, and 98.1%, respectively. The average time and memory space to analyze each application are 0.035 s and 3.38 MB. AMD-CNN is an efficient and robust tool and has advantages over previous studies.