Malware classification approaches utilizing binary and text encoding of permissions

With the advancement of smartphone technology, the development of mobile applications is rapidly growing. These apps are designed to help mobile users with a variety of everyday tasks, such as e-commerce and online services. Because these applications are widely used, they are susceptible to malicious user attacks. As a result, new challenges have emerged, such as the inability to differentiate between benign and malicious malware applications. This paper proposes two methods for classifying mobile applications into either benign or malicious: 1D convolution (Conv1d) and long short-term memory (LSTM). The suggested approaches use two encoding techniques, namely binary and text encoding, which were applied to the Android permissions of each application. In addition, the support vector machine and K-nearest-neighbor classifiers are reported as well. The two primary approaches were tested on the well-known CICMalDroid2020 dataset. Conv1d and LSTM with text encoding performed the best in terms of precision and accuracy (98.16%, 97.72%, and 96.63%, 96.69%, respectively). When compared with the Mal-Prem dataset, the Conv1d on binary classification beat the LSTM model.

Automated summary

With the advancement of smartphone technology, the development of mobile applications is rapidly growing. These apps are vulnerable to malicious user attacks and differentiating between benign and malicious malware applications is a challenge. This paper proposes two methods, Conv1d and LSTM, for classifying mobile applications into benign or malicious using binary and text encoding techniques. The results show that Conv1d with binary classification outperforms the LSTM model when compared with the Mal-Prem dataset.