¹School of Computer, Hubei Polytechnic University, Huangshi, Hubei 435003, - P. R. China.
²School of Software, Xinjiang University, Urumqi, Xinjiang, 830008, - P. R. China.

---

Abstract—The increasing number of Android malware has made detection and analysis more difficult, aiming to the current malware attacking Android. This paper proposes an Android malware analysis and detection technology based on Attention-CNN-LSTM, which is a types of Multimodel Deep Learning. Selecting open source malware datasets of Drebin for research, extracting texture fingerprint information of Android malware to reflect the similarity of malware binary file blocks, at the same time, in order to improve the detection accuracy, AndroidMainfest.xml is treated as a text document, and its contextual text features are extracted through NLP. Besides, the above two types of features are merged to enhance the expression capability of texture fingerprint information , and Deep Belief Network is used to screen the above features. Above all, the texture fingerprint is processed by one-dimensional serial signal processing, and the end-to-end local correlation features are extracted according to a one-dimensional time-domain convolutional network. At the same time, considering the context relationship of the timing signal for the AndroidMainfest.xml text, combined with the LSTM model with stronger time-series modeling capabilities to analyze and detect the Android malicious code. The experimental results show that the proposed method can detect and analyze malware more effectively.

Index Terms—Malware, ; Android, ; attention-CNN-LSTM,; multimodel deep learning,; Deep Belief Network (DBN).

[PDF]

Cite: Luo shiqi, Liu Zhiyuan, Ni Bo, Wang Huanhuan, Sun Hua, Yuan Yong, "Android Malware Analysis and Detection Based on Attention-CNN-LSTM," Journal of Computers vol. 14, no. 1, pp. 31-43, 2019.