VisDroid: Android malware classification based on local and global image features, bag of visual words and machine learning techniques

In this paper, VisDroid, a novel generic image-based classification method has been suggested and developed for classifying the Android malware samples into its families. To this end, five grayscale image datasets each of which contains 4850 samples have been constructed based on different files from the contents of the Android malware samples sources. Two types of image-based features have been extracted and used to train six machine learning classifiers including Random Forest, K-nearest neighbour, Decision trees, Bagging, AdaBoost and Gradient Boost classifiers. The first type of the extracted features is local features including Scale-Invariant Feature Transform, Speeded Up Robust Features, Oriented FAST and Rotated BRIEF (ORB) and KAZE features. The second type of the extracted features is global features including Colour Histogram, Hu Moments and Haralick Texture. Furthermore, a hybridized ensemble voting classifier has been proposed to test the efficiency of using a number of machine learning classifiers trained using local and global features as voters to make a decision in an ensemble voting classifier. Moreover, two well-known deep learning model, i.e. Residual Neural Network and Inception-v3 have been tested using some of the constructed image datasets. Furthermore, when the results of the proposed model have been compared with the results of some state-of-art works it has been revealed that the proposed model outperforms the compared previous models in term of classification accuracy, computational time, generality and classification mode.

Automated summary

This paper proposes a novel image-based method for classifying Android malware samples, using various features and machine learning classifiers. Deep learning models are also tested, with results showing that the proposed model outperforms previous models in terms of classification accuracy, computational time, and generality.