PermQRDroid: Android malware detection with novel attention layered mini-ResNet architecture over effective permission information image.

BACKGROUND

The Android operating system holds the vast majority of the market share in smart device usage worldwide. The Android operating system, which is of interest to users, is increasing its usage rate day by day due to its open source nature and free applications. Applications can be installed on the Android operating system from official application markets and unofficial third-party environments, which poses a great risk to users' privacy and security.

METHODS

In this study, an attention-layered mini-ResNet model is proposed, which can detect QR code-like images created using the 100 most effective defined permission information of Android applications. In the proposed method, permission information is obtained from four different datasets with different number of applications. QR code-like images of size 10x10x1 are created by selecting effective permissions using the chi-square technique. In the proposed classification architecture, residual layers are used to avoid ignoring the residual features of the images, and attention layers are used to focus on specific regions after each residual layer. The proposed architecture has a low number of parameters and memory consumption despite adding the residual layer and the weighting operations in the attention layer.

RESULTS

Using the proposed method, accuracy values of 96.95%, 98.34%, 98.33% and 100% were achieved, respectively, on four datasets containing applications obtained from different sources such as Androzoo, Drebin, Genome and Google Play Store. On the Mix dataset, which is a combination of four datasets, an accuracy value of 96.7% was produced with the proposed method. When 10-fold cross validation was applied to reduce the suggested bias, accuracy values of 97.50%, 98.62%, 98%, 94% and 97.61% were obtained, respectively. The success and durability of the proposed method in different environments have been tested through experiments conducted on different datasets. The results show that the proposed method exhibits better classification performance compared to classical machine learning algorithms, deep learning-based studies using permission information, and similar image-based studies.