DroidDeep: using Deep Belief Network to characterize and detect android malware

Bibliographic details
Published in: Soft computing (Berlin, Germany), 2020-04, Vol.24 (8), p.6017-6030
Main authors: Su, Xin, Shi, Weiqi, Qu, Xilong, Zheng, Yi, Liu, Xuchong
Format: Article
Language: eng
Description
Summary: The Android operating system and its applications (apps) are becoming increasingly popular because of the characteristics of the Android platform (open source, support for third-party app markets, etc.), which also cause the amazing pace of Android malware that poses a great threat to this platform. To solve this security issue, a comprehensive and accurate detection approach should be designed. Many research works are dedicated to achieving this goal, including code analysis and machine learning methods, but these kinds of works cannot analyze a large number of Android applications comprehensively and effectively. We propose DroidDeep, which uses a Deep Belief Network model to classify malicious Android apps. The proposed approach first collects 11 different kinds of static behavioral characteristics from a large number of Android applications. Second, we design a Deep Belief Network algorithm to select unique behavioral characteristics from the collected static behavioral characteristics. Third, we detect zero-day malicious Android applications based on the selected behavioral characteristics. We choose a dataset that mixes benign and malicious Android applications to evaluate the proposed method. The laboratory results show that the proposed method can obtain a higher detection accuracy (99.4%). Moreover, the proposed approach costs 6 s on average when analyzing and detecting each Android application.
ISSN:1432-7643
1433-7479
DOI:10.1007/s00500-019-04589-w