Learning to detect Android malware via opcode sequences

A large number of Android malware samples can be deployed as the variants of the previously known samples. In consequence, a classification system capable of supporting a large set of samples is required to secure Android platform. Although a large set of variants requires scalability for automatic detection and classification, it also presents a significant advantage about a richer dataset at the stage of discovering underlying malicious activities and extracting representative features. Deep Neural Networks are built by a complex structure of layers whose parameters can be tuned and trained in order to enhance classification statistical metric results. Emerging parallelization computing tools and processors reduce computation time. In this paper, we propose a deep learning Android malware detection method using features extracted from instruction call graphs. The presented method examines all possible execution paths and the balanced dataset improves deep neural learning benign execution paths versus malicious paths. Since there is not a publicly available model for Android malware detection, we train deep networks from scratch. Then, we apply a grid search method to seek the optimal parameters of the network and to discover the combination of the hyper-parameters, which maximizes the statistical metric values. To validate the effectiveness of the proposed method, we evaluate with a balanced dataset constituted by 24,650 malicious and 25,000 benign samples. We evaluate the deep network architecture with respect to different parameters and compare the statistical metric values including runtime with respect to baseline classifiers. Our experimental results show that the presented malware detection is reached at 91.42% level in accuracy and 91.91% in F-measure, respectively.