Şafak Emre, Doğru İbrahim Alper, Barışçı Necaattin, Atacak İsmail
Department of Information and Communication Technologies, HAVELSAN, Ankara, Turkey.
IoTLab, Department of Computer Engineering, Gazi University, Ankara, Turkey.
PeerJ Comput Sci. 2025 May 30;11:e2918. doi: 10.7717/peerj-cs.2918. eCollection 2025.
Due to the increase in the volume and diversity of malware targeting Android systems, research on detecting this harmful software is steadily growing. Traditional malware detection studies require significant human intervention and resource consumption to analyze all malware files. Moreover, malware developers have developed polymorphism and code obfuscation techniques to evade the traditional signature-based detection approaches used by antivirus companies. Consequently, traditional methods have become increasingly inadequate for malware detection. So far, many machine learning methods have been successfully applied to the problem of malware detection, and recent efforts in this area have turned to deep learning methods. Because these methods can automatically extract meaningful features from data and efficiently learn complex relationships, they can achieve better performance in malware detection as well as in many other problems. This article presents BlockDroid, an approach that combines convolutional neural network (CNN) models, ensemble learning, and blockchain technology to increase the accuracy and efficiency of malware detection for mobile devices. By converting Android DEX files into image data, BlockDroid leverages the image analysis capabilities of CNN models to discern patterns indicative of malware. The CICMalDroid 2020 dataset, comprising 13,077 applications, was used to create a balanced dataset of 3,590 images, with an equal number of benign and malware instances. The proposed detection system was developed using lightweight CNN models: EfficientNetB0, MobileNetV2, and a custom model. Experimental studies were conducted by applying both the individual models and the proposed BlockDroid system to our dataset. The empirical results show that BlockDroid surpasses the performance of the individual models, reaching an accuracy of 97.38%. Uniquely, BlockDroid integrates blockchain technology to record the predictions made by the malware detection model, thereby eliminating the need for re-analysis of previously evaluated applications and ensuring more efficient resource utilization. Our approach offers a promising and innovative strategy for effective and efficient Android malware detection.
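The pipeline the abstract describes (DEX bytes to image, ensemble prediction, prediction recorded so a known application is not analyzed again) can be sketched as follows. This is an added example, not the authors' code: the byte-per-pixel mapping and width, the averaging rule, the SHA-256 sample key, and the local hash chain standing in for the blockchain are all assumptions, and `models` are hypothetical callables.

```python
import hashlib, json

GENESIS = "0" * 64

def dex_to_image(dex, width=256):
    """Assumed mapping: one byte = one grayscale pixel, zero-padded rows."""
    data = dex + b"\x00" * (-len(dex) % width)
    return [list(data[i:i + width]) for i in range(0, len(data), width)]

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class VerdictLedger:
    """Append-only hash chain standing in for the blockchain (assumption)."""
    def __init__(self):
        self.blocks, self.index = [], {}

    def lookup(self, dex):
        pos = self.index.get(hashlib.sha256(dex).hexdigest())
        return None if pos is None else self.blocks[pos]["verdict"]

    def record(self, dex, verdict, score):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"sample": hashlib.sha256(dex).hexdigest(), "verdict": verdict,
                "score": round(score, 4), "prev": prev}
        self.index[body["sample"]] = len(self.blocks)
        self.blocks.append({**body, "hash": _digest(body)})

    def verify(self):
        """Recompute every link; any edited verdict breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "hash"}
            if block["prev"] != prev or _digest(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True

def classify(dex, ledger, models):
    """Return (verdict, served_from_ledger). Models are hypothetical callables
    mapping an image to P(malware); averaging them is an assumed ensemble rule."""
    cached = ledger.lookup(dex)
    if cached is not None:
        return cached, True
    image = dex_to_image(dex)
    score = sum(m(image) for m in models) / len(models)
    verdict = "malware" if score >= 0.5 else "benign"
    ledger.record(dex, verdict, score)
    return verdict, False
```

A cached verdict is only as trustworthy as the chain it sits on, so `verify()` should pass before `lookup()` results are relied on.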