Deep learning feature exploration for Android malware detection

Android mobile devices and applications are widely deployed and used in industry and smart city. Malware detection is one of the most powerful and effective approaches to guarantee security of Android systems, especially for industrial platform and smart city. Recently, researches using machine learning-based techniques for Android malware detection increased rapidly. Nevertheless, most of the appeared approaches have to perform feature analysis and selection, so-called feature engineering, which is time-consuming and relies on artificial experience. To solve the inefficiency problem of feature engineering, we propose TC-Droid, an automatic framework for Android malware detection based on text classification method. The core idea of TC-Droid is derived from the field of text classification. TC-Droid feeds on the text sequence of APPs analysis reports generated by AndroPyTool, applies a convolutional neural network (CNN) to explore significant information (or knowledge) under original report text, instead of manual feature engineering. In an evaluation with different number of real-world samples, TC-Droid outperforms state-of-the-art model (Drebin) and several classic models (NB, LR, KNN, RF) as well. With multiple experimental settings and corresponding comparisons, TC-Droid achieves effective and flexible performance in Android malware detection task.