PermQRDroid: Android malware detection with novel attention layered mini-ResNet architecture over effective permission information image

Motivation and contributions

The open source nature and popularity of the Android operating system make it a target for cyber attackers. The fact that the Android operating system allows applications downloaded from third-party environments as well as official application markets to be run leaves users vulnerable to cyber attackers. In recent years, many studies have been conducted on Android malware detection. Studies conducted using static analysis are especially popular because they analyze the application before it is run and because they are fast. Information obtained from the application file is needed for malware detection using static analysis. In Android applications, the permission information requested from the user is of critical importance. These permissions are effective in deciding whether the applications are malware or benign. Especially malware applications tend to demand more work. For this reason, researchers have conducted many studies focusing on permission information. Permission information vectors consist of values of 0 and 1. Not all permission information may be meaningful for classification. For this reason, permission information is selected using feature selection techniques in the studies conducted and classified using classical machine learning methods.

In recent years, hardware developments have increased the interest in deep learning architectures. Android malware researchers are interested in classifying the features obtained from Android applications using architectures such as one-dimensional convolutional neural network model (1DCNN) and long short term memory (LSTM) in order to obtain more successful results. At the same time, they provide image transformation by digitizing the byte array or textual information of the applications. Successful results have been obtained by using two-dimensional convolutional neural networks (2DCNN) and transfer learning approaches. However, there is a lot of meaningless information in the studies where image transformation is performed. The created image sizes are large and the CNN architectures used contain a large number of parameters. Lightweight and low-parameter structures are insufficient in terms of performance. Some studies have used residual blocks and attention blocks to increase performance, but the methods they present contain a large number of parameters. In addition, studies on Android malware detection have been performed on a single dataset. The performance of the proposed models on different datasets has not been shown.

In this study, permission information that is effective for Android malware detection is selected and converted into QR code-like images. The aim is to both use the effect of permission information and reduce the number of parameters with small-sized images created from permission information. It is aimed to benefit from the feature extraction and classification power of CNNs by not using meaningless information in the image and ensuring image transformation of effective permission information. The proposed method is tested on four data sets obtained from different sources. At the same time, both the bias of the proposed model is reduced and the effect of the established architecture is measured with cross validation and ablation studies.

The following research questions have been determined in line with our aims and objectives:

RQ1 What is the classification performance when the permission information of Android applications is converted to images? In this context, 20x20 images were created and classified without subjecting the permission information of the applications to any feature selection process.

RQ2 Can detection performance be increased by using small-sized images created by selecting effective permissions and eliminating meaningless information? The most effective 100 features were selected using the chi-square technique and 10x10 images were created.

RQ3 What is the performance of the lightweight CNN architecture to be created using the attention block and residual block against existing methods? The findings obtained with the created architecture are compared with existing methods.

RQ4 What is the performance of the proposed model on data sets with multiple and different data numbers, unlike existing studies? The performance of the proposed model was tested on four different data sets. At the same time, all data sets were combined to create a Mix dataset. The consistency of the proposed model was measured using cross validation for all data sets.

RQ5 Is the performance of the proposed model with images generated from permission information successful against classical machine learning techniques? Classification was performed with classical machine learning techniques and compared with the proposed model.

The main contributions of our study to the literature, which was conducted as a result of experiments to seek answers to the five research questions above, can be summarized as follows:

• In this study, four data sets from different sources were used to verify the proposed method. Similar studies have conducted experiments on only one data set. The stability and reliability of the proposed model, independent of the number of data, were tested with data sets with different data numbers used in the study.

• There are image-based studies that use permission information, but as seen in the literature review, this study is the first to use a QR code-like image with the selection of effective permissions.

• A new attention layered mini-ResNet architecture with five blocks, including three residual layers and three attention layers, is proposed for feature extraction and classification. The proposed architecture does not ignore residual features with residual layers and achieves high accuracy by focusing on certain parts of the image with attention layers in each block.

• The proposed architecture has the advantage of being able to work with images of minimum 10 × 10 size and higher compared to high-resolution studies that use byte array images in Android malware detection.

• The attention layered mini-ResNet model with contains a very low number of parameters and takes up less space in memory compared to transfer learning architectures. It has approximately 11 times fewer parameters and 3.5 times less memory size than MobileNet, the lightest and fastest transfer learning architecture..

• The proposed method produces more successful results compared to similar permission-based and image-based studies in the literature.

Studies using permission information

Atacak, Kılıç & Doğru (2022) proposed a new feature reducer and classifier CNN+Adaptive Neuro-Fuzzy Inference System (ANFIS) hybrid model for the detection of Android malware. In their proposed method, they used convolution and fully connected layer instead of feature selection methods such as information gain from permission information and chi-square test. By obtaining new features from the permission information with convolution layers, they integrated the data as input into the ANFIS architecture with five neurons placed in the fully connected layer. They tested their CNN+ANFIS architecture with two different datasets. They achieved 92% accuracy in the first dataset and 94.66% accuracy in the second dataset.

Mat et al. (2022) tried to detect Android malware using the Bayesian probability algorithm. They extracted permission information from 10,000 apk files obtained from Androzoo and Drebin datasets. They applied information gain and chi-square test to select permission information and presented comparative analysis with different number of features. The most successful result was found to be 91.1% by selecting 30 features with the chi-square test.

Altaher & Barukab (2017) proposed a fuzzy logic based classifier on permission information. They obtained the permission information of the applications and selected 24 features using the information gain method. In the classification stage, they used the hybrid fuzzy c-means (FCM)-ANFIS model by combining fuzzy c-means clustering and ANFIS model. As a result of the study, they achieved 91% accuracy (Altaher & Barukap, 2017). In a similar study, Abdulla & Altaher (2015) extracted the permission information of 200 applications. They obtained 24 features with the information gain method. They divided the 1 × 24 feature vector consisting of 0 and 1 values into 3 groups and converted the 8 values in each group into byte format. In the classification stage, they used KNN-based fuzzy clustering method together with ANFIS. As a result of the study, they reached an accuracy value of 75% (Abdulla & Altaher, 2015).

Arslan (2022) tried to detect malware by dividing permission-based features into groups of 11 permissions. The unbalanced dataset was balanced using the SMOTE technique. He conducted experiments with classical machine learning techniques, DNN, LSTM and GRU for the classification process. As a result of the experiments, it was observed that the most successful result was obtained with the ExtraTree algorithm and reached 92.9% accuracy with this method (Arslan, 2022).

Şahin et al. (2023) proposed a linear regression-based method on permission information. They tested their methods on different datasets and compared them with different classifiers. Researchers who increased the classification performance with ensemble classifiers achieved an accuracy value of 95.6% with the AMD (Wei et al., 2017) dataset and 91.87% with the Lopez’s (Urcuqui-López & Cadavid, 2016) dataset. They reached an accuracy value of 82.94% with M0Droid (Damshenas et al., 2015) and 96.69% with Arslan’s (Arslan, 2021) dataset (Şahın, Akleylek & Kiliç, 2022). In a similar study, Şahin et al. (2023) aimed to eliminate unnecessary features by using a linear regression-based feature selection approach during the feature selection phase. In the experiments, they obtained a 96.1% F-score with the MLP algorithm (Şahin et al., 2023).

Image based studies

Successful results are achieved for Android malware detection by using deep learning and machine learning methods with developing GPUs and CPUs. While researchers search for different features of applications, they also convert the features into different formats such as images and audio (Yadav et al., 2022; Tarwireyi, Terzoli & Adigun, 2023; Kural, Kiliç & Aksaç, 2023; Tang et al., 2024). The reason for this is to benefit from the feature extraction and classification power of deep learning. However, in studies where image transformation is performed, feature selection is automatically extracted and classification can be made without the need for expert knowledge.

Yadav et al. (2022) used dex files of applications for Android malware detection. They converted the byte array of Dex files into a square format image with RGB color channels. Their study presented a comparative analysis using a stacking ensemble classifier consisting of SVM and RF algorithms and the analysis of 26 different pre-trained CNN architectures. Researchers who want to use the advantages of transfer learning in malware detection have achieved an accuracy value of 95.7% on 5,986 images with the EfficientNet -B4 architecture.

Yen & Sun (2019) analyzed apk files using natural language processing methods. Researchers weighted the texts with the Tf-IDF method and converted the numerical feature vectors they obtained into images. After analyzing a total of 1,440 applications and creating the image dataset, they classified them using CNN architecture. As a result of their studies, they reached 92% accuracy.

Xiao & Yang (2020) developed a CNN architecture that learns from dalvik byte code. In their method, the dalvik byte code stored in dex files is converted into images with RGB channels. They carried out experiments on a total of 10,540 images with the lightweight CNN architecture they established. As a result of the experiment, they obtained an accuracy value of 93%.

Zhu et al. (2023) created feature vectors using permissions, hardware and API calls. They converted the feature vector they obtained into an image of 18 × 18 size. They presented a new CNN architecture called MSerNetDroid to classify images. They tested their proposed MSerNetDroid architecture on 3,187 applications collected from Virusshare and Google Play Store and reached 96.48% accuracy.

Aurangzeb et al. (2024) created the AndroDex dataset containing 24,746 apk files. This dataset, which includes Dex images, also represents apk files with code obfuscation techniques applied. In their study, the researchers applied normalization to the images and then performed dimension reduction with PCA. In their experiments with classical machine learning algorithms, they achieved a 95% accuracy value with the XGBoost algorithm.

Tasyurek & Arslan (2023) proposed a method called RT-Droid to detect real-time Android malware. In their proposed method, permission information is extracted from the manifest.xml file and converted to a 19 × 19 image in RGB format. 6,760 malignant samples were obtained from Drebin and Genome projects, and 961 benign samples were obtained from Arslan’s dataset. They used YOLO V5 architecture to classify images in their fast detection method. Using the transfer learning technique, they reached an accuracy value of 94.2% with the YOLO V5 architecture.

Arslan & Tasyurek (2022) proposed the AMD-CNN method for malware detection using graphical representations. In their proposed method, they obtained all the information from the manifest.xml file and converted it into a 2D-code image. In their study consisting of a total of 1920 images, they used CNN architecture for classification and feature extraction. They achieved 96.2% accuracy performance with the AMD-CNN method, which can make fast detection. Table S1 provides a summary of image-based Android malware detection studies.

Data collection

In order to evaluate our method for Android malware detection, four different datasets were used in this study. These datasets are named Dataset1, Dataset2, Dataset3 and Dataset4. Datasets were collected from different environments and their apk quantities are different. The purpose of this is to demonstrate the effectiveness and data independence of the presented method. In addition, it is to create a robust model against the disadvantages of all of these datasets.

Dataset1 was collected from the Androzoo (Allix et al., 2016) environment and contains 20,000 benign and 20,000 malware samples. There are currently 24,499,587 applications in the Androzoo environment. Malware samples belonging to Dataset1 used in this study were detected by at least 10 antivirus programs and are available in the Google Play Store. Benign samples, on the other hand, could not be detected by antivirus programs and were downloaded based on the condition that they were found in the Google Play Store.

Dataset2 contains 5,498 applications from the Drebin (Arp et al., 2014) dataset and 1,163 applications from the Genome (Zhou & Jiang, 2012) dataset. Benign applications were collected by Arslan (2021) and there are 961 pieces. The dataset containing a total of 7,622 applications was used in Arslan’s (2021) study called “AndroAnalyzer”.

Dataset3 consists of 1,000 benign and 1,000 malware samples. Malware samples were taken from the Drebin (Arp et al., 2014) dataset. The Drebin dataset, which consists of 179 malware families, contains a total of 5,560 malware. Benign samples were obtained from the APKPure website. Benign samples are available on the Google Play Store market and were scanned with VirusTotal (VT Team, 2020).

Dataset4 contains 250 benign and 250 malware samples. Malware samples were taken from the CICMalDroid 2020 (Mahdavifar et al., 2020) dataset. The CICMalDroid dataset contains 17,341 applications in five different categories. Benign applications were obtained from the Google Play Store market and scanned with the VirusTotal application and they were determined to be benign. Table S2 gives the number of applications and sources of the datasets.

Proposed method

In this study, a QR code-like image of permission information is created to detect Android malware. These images are classified with a new CNN architecture that has attention and residual layers. In the first stage of our method, permission information is extracted from the AndroidManifesxt.xml file. After this stage, the 100 most effective permission information is selected with the chi-square test on the created dataset. Single-channel QR code-like images are created after the selected permissions are converted into a 10 × 10 matrix. These images contain low-dimensional and meaningful information. Our goal is to detect malware quickly and with high accuracy. In the final stage, a mini-ResNet model with 3 block layers containing residual layers is created for classification. By adding attention layers to this model, PermQRDroid architecture is created. Figure 1 shows the graph of the proposed method.

Feature extraction and selection process

In detection studies using static analysis, the first step is usually to decompile files with .apk extension. APK (Android Pocket Kit) are compressed .zip type files that contain libraries, source codes, permissions, directories and resources of Android applications (Aurangzeb et al., 2024). In the feature extraction process, firstly, apk extension files were analyzed using APKTool and AndroidManifest.xml files were obtained. Permission information was obtained from xml files kept with application names in a single folder. Two approaches can be followed to obtain permission information and create feature vectors. First, a list of known permission names can be created in the Android operating system and checked for each application whether it contains a permission in the permission list. In the second approach used in this study, the manifest files of existing apk files are accessed and the permissions requested by each application are kept in a list. For example, if more than one application requires the same permission, that permission information is written once. However, when a different permission is seen, it is added to the list. The columns of the Excel file are created with the created list, and then for each application, the value 1 is added to the permission field it contains, and 0 is added to the permission fields it does not contain. The process of obtaining permission information from the manifest file and creating feature vectors is shown in Fig. 2.

Feature selection is the process of eliminating irrelevant features and selecting effective features that have a high impact on classification. This process has proven effective in detecting Android malware, especially in studies using permission information (Altaher & Barukap, 2017; Abdulla & Altaher, 2015; Şahin et al., 2023). It has been determined that some information in the list of permission information has no effect on classification. For this reason, chi square technique was used to obtain 100 effective features. Selection of the effective 100 features both reduces the parameter of the model and increases the detection speed.

Chi-square Method: This test, which is a statistical method, is used in the analysis of categorical data. It evaluates the difference between real frequencies and desired frequencies and checks the accuracy of a hypothesis accordingly (Dhal & Azad, 2022). Chi-square test is calculated using the following formula. (1)${\displaystyle {\chi }^2=\sum _{i=1}^k\frac{{\left(O_i-E_i\right)}^2}{E_i}.}$

In this formula, O_i refers to the observed values, E_i refers to the expected values, and k refers to the number of categories.

Chi-square test is applied to the dataset consisting of permission information and the classification effect scores of all features are calculated. According to the score, all features are ranked from largest to smallest. Starting from the highest, 100 permission information is selected and other permission information is removed from the dataset. SkiLearn library in Python programming language was used for chi-square test.

Image creation process

The permission information extraction approach applied in this study may differ depending on the dataset and number of applications. Four different datasets are used for experiments. The permission information vectors extracted in these datasets consist of feature vectors in the range of 1 × 325–1 × 398. These values are not suitable for creating a square image. CNN architectures, on the other hand, can work with square format images. For this reason, raw permit information is first converted into a feature vector of size 1 × 400 for each dataset and square matrices of size 20 × 20 are obtained. For conversion to 1 × 400 size, the value 0 is added to the feature vector as many as the number of missing columns, ensuring that it becomes a perfect square.

The experiments are evaluated on two different image sizes. One of the main aims of the study is to make detection quickly and with high accuracy through images created by effective features. For this reason, 100 effective permission information is selected and 10 × 10 square matrices are obtained. A value of 255 is assigned to each 0 in the matrices to transform the 10 × 10 and 20 × 20 sized matrices of the datasets into images, and a 0 value is assigned to each 1 value in the matrices to create QR code-like images. The images created have a single channel of size 10 × 10 × 1 and 20 × 20 × 1. The diagram of square matrix formation from permission information vectors and QR code-like image transformation is shown in Fig. 3.

QR code-like images created in 10 × 10 × 1 and 20 × 20 × 1 dimensions are shown in Fig. 4.

The selection of 100 permission information and creation of single-channel QR code-like images of 10 × 10 × 1 size will ensure that the number of parameters of the network is low in both the feature extraction and classification stages. In addition, the created CNN architecture will also positively affect the detection speed and ensure that memory consumption is less than a 3-channel image.

Model architecture

Deep learning, which essentially emerges by deepening artificial neural networks, enables complex calculations to be made on large amounts of data (LeCun, Bengio & Hinton, 2015). In the task of feature extraction and classification from images, CNN are popular and are the most widely used deep learning architecture. While CNN architectures can process images using 2D convolution layers, they can also work on 1D data with 1D layers (Atacak, Kılıç & Doğru, 2022). Classic CNN architecture consists of convolution, activation, pooling and fully connected layers (Gu et al., 2018). In the convolution layer, a filter is moved over the image matrix with the specified size and the specified number of steps. In this shifting process, the weights on the filter are multiplied by the values in the image matrix and a new value is obtained from the sum of all multiplications (Li et al., 2021). The convolution process is calculated with the following formula. (2)${\displaystyle Z_{i,j}^{\left(k\right)}={\left(X\ast W^{\left(k\right)}\right)}_{i,j}+b^{\left(k\right)}=\sum _{m=0}^{M-1}\sum _{n=0}^{N-1}{X}_{i+m,j+n}\cdot W_{m,n}^{\left(k\right)}+b^{\left(k\right)}.}$

In this formula, X is the input information, W stands for the weight matrix, b stands for the bias value, * stands for the convolution operator, M and N stand for the filter size, and Z stands for the output. An output is created in the activation layer, which takes each value in the feature map obtained from the convolution layer as input. The output value of the ReLU activation function is calculated with the formula below. (3)${\displaystyle A_{i,j}^{\left(k\right)}=ReLU\left(Z_{i,j}^{\left(k\right)}\right)=max\left(0,Z_{i,j}^{\left(k\right)}\right).}$

In this formula, A refers to the output of the activation layer and Z refers to the output of the convolution layer.

In the pooling layer, the size of the feature maps is reduced. It allows capturing important features of the current image and allows representing the image in a smaller size. Maximum pooling is calculated by the formula below. (4)${\displaystyle P_{i,j}^{\left(k\right)}=ma{x}_{\left(m,n\right)\in pool}{A}_{i+m,j+n}^{\left(k\right)}.}$

Here P refers to the output value of the pooling layer. “max” refers to selecting the maximum value in the pooling region, and “pool” refers to the window dimensions.

Residual block

Residual blocks used in the ResNet architecture introduced by He et al. (2016) were presented as a solution to the vanishing gradient problem in CNN networks. Residual blocks prevent residual feature from being ignored by adding the input information to the output information of the layers (He et al., 2016). Transactions made in residual blocks are calculated with the following formula. (5)${\displaystyle y=F\left(x,\left\{W_i\right\}\right)+x.}$

In this formula, x refers to the input information and Wi refers to the weight values in the filters. According to the formula, the weights are multiplied by the x input information and feature maps are created. By adding x input information to these feature maps, y output is obtained.

Attention block

Attention blocks enable focusing on the prominent features of the image whose features are extracted in CNN architectures (Vaswani et al., 2017; Niu, Zhong & Yu, 2021). This block consists of two stages: squeezing and excitation blocks.

Squeeze: In this process, global average pooling is performed and compression is performed on a channel basis. The formula for the compression process is as follows. (6)${\displaystyle z_c=\frac{1}{H\times W}\sum _{i=1}^H\sum _{j=1}^W{X}_{i,j,c}.}$

In this formula, X refers to the input information and its dimensions are expressed as HxWxC. HxW is the height and width of the input matrix. C refers to the number of channels and z_c refers to the compressed features for channel c.

Excitation: Calculates the weight for each channel in the compression phase. For this process, 1 × 1 weights are used in a convolution layer and a sigmoid activation function is applied to the obtained values. The formula for the excitation process is as follows. (7)${\displaystyle X=\delta \left(z_c\right)}$ (8)${\displaystyle z_c=\frac{1}{H\times W}\sum _{i=1}^H\sum _{j=1}^W{X}_{i,j,c}}$ (9)${\displaystyle s=\sigma \left(z_c\right).}$

Here: δ is the ReLU activation function, σ is the sigmoid activation function and s is the weight vector of the channels. After the compression and excitation processes, the weights calculated for each channel are multiplied by the input information. This process is called scaling. The formula for the scaling process is as follows. (10)${\displaystyle X_{i,j,c}^{\prime }=s_c{X}_{i,j,c}.}$

In this formula, X′ refers to the information appearing in the attention block, and s_c refers to the weights calculated for the relevant channel.

Attention layered mini-ResNet model

An attention layer mini-ResNet model that can work with 10 × 10 sized images was created to detect Android malware with permission information-based QR code-like images. In addition to the classical CNN architectures, the proposed architecture includes residual blocks and an attention layer after each residual block. The proposed architecture consists of five blocks. The first block contains the classic convolution layer, ReLu activation layer and MaxPooling layer, which contains 32 filters of size 3 × 3. In the second block, third block and fourth blocks, the residual layer and the attention layer are located together, respectively. Residual layers consist of two convolution layers using 32 filters and a 3 × 3 kernel. Attention layers come immediately after residual blocks. In attention layers, 1 × 1 sized convolution layers and ReLU are used in the compression process. The activation function used in the excitation process is sigmoid. At the end of the fourth block, there is a global pooling layer and 2D data is made available for the fully connected layer. In the fifth block, there are two fully connected layers and a softmax layer to classify the extracted features. Dropout layers with a ratio of 0.25 were used to prevent overfitting of the network between the fully connected layers. Details of the proposed architecture are shown in Fig. 1.

Training procedure

Four different datasets were used to evaluate the proposed classification model. 10 × 10 and 20 × 20 images were created for all datasets. Each dataset is divided into 70% training, 15% validation and 15% testing in the experimental phase.

Training of CNN architectures is done in two ways: the first is training from scratch and for this, weight initial values must be determined, and the second is the transfer learning approach. Since the proposed CNN architecture is not suitable for transfer learning, Xavier Initialization was used to initialize the weights. The loading and random loading options were also evaluated, but since they made the network learn late and unsuccessful results were obtained, it was decided to use Xavier loading. In the proposed mini-ResNet architecture with attention layer, ReLU is used for activation in the convolution layers, Sigmoid function is used for stimulation in the attention layer, and Softmax function is used in the classifier layer. The network’s learning rate started at 0.001, and the learning rate was reduced by 0.2 at the validation loss value, which did not decrease for five epochs. The minimum learning rate was determined as 0.00001. Adam was used for the optimization of the network and binary_crossentropy was used for the loss function. In the training phase, the number of epochs is 20 and the batch size is 64. The hyperparameters used in the original ResNET architecture were used to create the attention layered mini-ResNet architecture. The depth of the network (residual and attention layer numbers) was adjusted according to the image size. An attempt was made to obtain a minimum depth that could work on 10x10 images and contained low parameter.

Ablation study

In this study, instead of the basic CNN architecture, a lightweight CNN architecture with residual and attention layers is proposed. In order to demonstrate the effectiveness of the proposed architecture, an ablation study is applied. Table 3 shows the results obtained with the basic CNN architecture, the results of the mini-ResNET model formed when the convolution layers of the basic CNN architecture are replaced with residual layers, and the results obtained when attention layers are added.

As a result of the ablation study, it was seen that the proposed attention layered mini-ResNET model was more successful on all datasets. Replacing the layers of the Basic CNN architecture with residual layers increased the classification performance significantly. Especially on Dataset 2, which has an unbalanced data distribution, the difference between the results is large. The performance of the basic CNN architecture is close to the mini-ResNet architecture on balanced datasets. The mini-ResNET architecture with the attention layer produced more successful results on both balanced and unbalanced datasets.