A Multimodal Deep Learning Method for Android Malware Detection using Various Features

TaeGuen Kim, BooJoong Kang, Mina Rho, Sakir Sezer, Eul Gyu Im

Research output: Contribution to journalArticlepeer-review

134 Citations (Scopus)
2281 Downloads (Pure)


With the widespread use of smartphones, the number of malware has been increasing exponentially. Among smart devices, Android devices are the most targeted devices by malware because of their high popularity. This paper proposes a novel framework for Android malware detection. Our framework uses various kinds of features to reflect the properties of Android applications from various aspects, and the features are refined using our existence-based or similarity-based feature extraction method for effective feature representation on malware detection. Besides, a multimodal deep learning method is proposed to be used as a malware detection model. This paper is the first study of the multimodal deep learning to be used in the Android malware detection. With our detection model, it was possible to maximize the benefits of encompassing multiple feature types. To evaluate the performance, we carried out various experiments with a total of 41,260 samples. We compared the accuracy of our model with that of other deep neural network models. Furthermore, we evaluated our framework in various aspects including the efficiency in model updates, the usefulness of diverse features, and our feature representation method. In addition, we compared the performance of our framework with those of other existing methods including deep learning based methods.
Original languageEnglish
Pages (from-to)773-788
JournalIEEE Transactions on Information Forensics and Security
Issue number3
Publication statusPublished - 21 Aug 2018


  • Android malware
  • malware detection
  • intrusion detection
  • machine learning
  • neural network


Dive into the research topics of 'A Multimodal Deep Learning Method for Android Malware Detection using Various Features'. Together they form a unique fingerprint.

Cite this