MINAD: Multi-inputs Neural Network based on Application Structure for Android Malware Detection

Cited by: 1
Authors
Nguyen, Duc, V [1]
Nguyen, Giang L. [1]
Nguyen, Thang T. [2]
Ngo, Anh H. [1]
Pham, Giang T. [1]
Affiliations
[1] Vietnam Acad Sci & Technol, Inst Informat Technol, Hanoi, Vietnam
[2] Minist Publ Secur, Inst Informat Technol, Hanoi, Vietnam
Keywords
Android malware; Malware detection; Machine learning; Neural network;
DOI
10.1007/s12083-021-01244-w
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812
Abstract
As demand for smartphones has grown, the number of malicious applications has increased exponentially, by about tens of thousands per month. Among smartphone platforms, the highly popular Android operating system has become the one most targeted by malware. Signature-based scanning is easily bypassed by techniques such as polymorphism or payload encryption. With the support of recent tools and sandboxes, Android applications can easily be decoded and their execution behavior tracked, which makes machine learning methods potentially useful for classifying malware. However, defining a suitable model with competent features and avoiding over-fitting in learning models remain challenges for researchers. In this paper, we propose the MINAD (Multi-Inputs Neural network based on application structure for Android malware Detection) method. First, we collect the features of an Android application from many aspects and group them into three categories: System-based, Library-based, and User-based, corresponding to the parts of the Android application structure that relate to the Android system definition, libraries, and users' definitions. Second, each group is reconstructed to obtain effective feature sets. Finally, a multi-input deep neural network is designed with two phases to learn an abstraction of each feature group before making the final decision for malware detection. We evaluate performance on more than 155,000 samples collected from the Google Play Store and the Drebin and AMD datasets. The results show that the MINAD method not only improves Android malware detection accuracy in comparison with other methods but also improves the stability of the model and reduces computation costs.
Pages: 163 / 177
Number of pages: 15