RT-Droid: a novel approach for real-time android application analysis with transfer learning-based CNN models

Taşyürek M., Arslan R. S.

JOURNAL OF REAL-TIME IMAGE PROCESSING, vol.20, no.55, pp.1-17, 2023 (SCI-Expanded)

  • Publication Type: Article / Article
  • Volume: 20 Issue: 55
  • Publication Date: 2023
  • Doi Number: 10.1007/s11554-023-01311-w
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, PASCAL, Compendex, INSPEC
  • Page Numbers: pp.1-17
  • Kayseri University Affiliated: Yes


Today, the number, type and complexity of malware is increasing rapidly. Convolution neural network (CNN) based networks continue to be used in software classification based on image. In this study, a CNN model named Real Time-Droid(RT-Droid), which has a very fast malware detection capability and works based on YOLO V5, is introduced. RT-Droid detects android malware with high accuracy and performs this process at near real-time speed. For this process, firstly the features in the android manifest file are extracted and converted to an image in RGB format similar to QR code. Thus, images become processed by CNN-based deep learning models. These images were used to train VGGNet, Faster R-CNN, YOLO V4 and V5 models with the transfer learning technique. The android malware detection performances of the obtained trained models (weights) were examined. In the tests performed with Drebin, Genome and Arslan dataset, the precision value is 98.3%, while the F-score value is 97.0%. In obtaining these values, only 0.019 s per application was needed for analysis. It also requires 25 times less memory space compared to a gray-scale image. Since the small images of the YOLO V5 model can detect objects with very high accuracy and in real time, it provides serious efficiency in processing time. We also compared the results with VGGNet, Faster R-CNN and YOLO V4, which are commonly used CNN models for object detection, and show that it yields results at a higher rate and at least 5.5 times faster than similarly trained networks. Our method detects hacker-generated Android malware very quickly and with high accuracy, while being robust against obfuscated apps.