Android malware classification using convolutional neural network and LSTM

Hand phone devices are the latest technological developments of the 20th century. There is an increasing number of fishing, sniffing and other kinds of attacks in this field of technology. Although signature-based methods are usable, they are not very reliable when faced with new kinds of malwares and they are neither accurate nor enough. Furthermore, signature-based methods cannot efficiently detect rapid malware behavior changes. Our classification process consists of not only analyzing of the source code by using Jadx but also analyzing applications and extracting useful features. Two kinds of analyses are used which are called static and dynamic. We concentrate on Android malware classification using Call-Graph and by moreover generating Call-Graphs for both classes.dex and lib.so files which have not been worked before. The proposed method for classification is CNN-LSTM. Since this method is a reasonable choice to learn complex and sequential features, it benefits from both convolutional neural network and long short-term memory which is a type of recurrent neural network. In this method a Sequential Neural Network is designed to do sequence classification as well as conduct a set of experiments on malware detection. In conclusion, CNN-LSTM is compared with several classification methods like Convolutional Neural Network (CNN), Support Vector Machine (SVM), Naive Bayes, Random Forest, and other methods. Obtained results show that, our method is more effective, efficient, and reliable than others even by using the same hardware and dataset.