Deep Learning-Based Multi-classification for Malware Detection in IoT

Due to the open-source and versatility of the Android operating system, Android malware has exploded, and the malware detection of Android IoT devices has become a research hotspot in recent years. Static analysis technology cannot effectively analyze obfuscated malware. Without decomposing, the existing detection methods are mainly based on grayscale images and single files without analyzing and verifying their anti-obfuscation performance. In addition, the current detection of Android malware using deep learning is concentrated in the field of binary classification. This paper proposes a multi-classification method of the Android malware family based on multi-class feature files and RGB images to solve these problems. The method proposed in this paper does not need to decompile the Android APK installation package. However, it extracts the DEX file and XML file in batch from the APK installation package. Then, it converts the file into an RGB image using the conversion algorithm that converts Android software into images. Finally, the deep neural network automatically obtains the RGB image texture features to realize the multiple classifications of the Android malware family. Experimental data show that the proposed method has high detection performance, and the accuracy of multiple classifications of the Android malware family is as high as 99.84%. In addition, the method based on RGB image is better than the gray-scale image in detection accuracy, and the effect of RGB image combined with DEX and XML is better than that of separate DEX file image and separate XML file image. Therefore, the method proposed in this paper can effectively detect the obfuscated Android malware, and the detection accuracy of 99.23% can be achieved for the obfuscated sample data. Furthermore, this method has good anti-obfuscation ability. The proposed method is compared with those based on Multi-Layer Perceptron, Long Short-Term Memory, bidirectional Long Short-Term Memory and Deep Belief Network. The experimental results show the proposed method's effectiveness and high generalization performance.