A review of deep learning models to detect malware in Android applications

Abstract:

Android applications are indispensable resources that facilitate communication, health monitoring, planning, data

sharing and synchronization, social interaction, business and financial transactions. However, the rapid increase

in the smartphone penetration rate has consequently led to an increase in cyberattacks. Smartphone applications

use permissions to allow users to utilize different functionalities, making them susceptible to malicious software

(malware). Despite the rise in Android applications’ usage and cyberattacks, the use of deep learning (DL) models

to detect emerging malware in Android applications is still nascent. Therefore, this review sought to explain DL

models that are applied to detect malware in Android applications, explore their performance as well as identify

emerging research gaps and present recommendations for future work. This study adopted the preferred reporting

items for systematic reviews and meta-analyses (PRISMA) guidelines to guide the review. The study revealed that

convolutional neural networks, gated recurrent neural networks, deep neural networks, bidirectional long shortterm memory, long short-term memory (LSTM) and cubic-LSTM are the most prominent deep learning-based

malicious software detection models in Android applications. The findings show that deep learning models are

increasingly becoming an effective technique for malicious software detection in Android applications in realtime. However, monitoring and tracking information flow and malware behavior is a daunting task because of

the evolving nature of malware and human behavior. Therefore, training mobile application users and sharing

updated malware datasets is paramount in developing detection models. There is also a need to detect malicious

software before downloading mobile applications to improve the security of Android smartphones.