A review of deep learning models to detect malware in Android applications

Abstract

Android applications are indispensable resources that facilitate communication, health monitoring, planning, data sharing and synchronization, social interaction, business and financial transactions. However, the rapid increase in the smartphone penetration rate has consequently led to an increase in cyberattacks. Smartphone applications use permissions to allow users to utilize different functionalities, making them susceptible to malicious software (malware). Despite the rise in Android applications’ usage and cyberattacks, the use of deep learning (DL) models to detect emerging malware in Android applications is still nascent. Therefore, this review sought to explain DL models that are applied to detect malware in Android applications, explore their performance as well as identify emerging research gaps and present recommendations for future work. This study adopted the preferred reporting items for systematic reviews and meta-analyses (PRISMA) guidelines to guide the review. The study revealed that convolutional neural networks, gated recurrent neural networks, deep neural networks, bidirectional long shortterm memory, long short-term memory (LSTM) and cubic-LSTM are the most prominent deep learning-based malicious software detection models in Android applications. The findings show that deep learning models are increasingly becoming an effective technique for malicious software detection in Android applications in realtime. However, monitoring and tracking information flow and malware behavior is a daunting task because of the evolving nature of malware and human behavior. Therefore, training mobile application users and sharing updated malware datasets is paramount in developing detection models. There is also a need to detect malicious software before downloading mobile applications to improve the security of Android smartphones.