Deep learning guided Android malware and anomaly detection

Nikola Milosevic, Junfan Huang

Research output: Contribution to journalArticle

175 Downloads (Pure)


In the past decade, the cyber-crime related to mobile devices has increased. Mobile devices, especially the ones running on Android operating system are particularly interesting to malware creators, as the users often keep the biggest amount of personal information on their mobile devices, such as their contacts, social media profiles, emails, and bank accounts. Both dynamic and static malware analysis is necessary to prevent and detect malware, as both techniques have their benefits and shortcomings. In this paper, we propose a deep learning technique that relies on LSTM and encoder-decoder neural network architectures for dynamic malware analysis based on CPU, memory and battery usage. The proposed system is able to detect and notify users about anomalies in system that is likely consequence of malware behaviour. The method was implemented as a part of OWASP Seraphimdroids anti-malware mechanism and notifies users about anomalies on their devices. The method proved to perform with an F1-score of 79.2%.
Original languageEnglish
Publication statusPublished - 23 Oct 2019


  • cs.CR
  • cs.CY
  • cs.LG


Dive into the research topics of 'Deep learning guided Android malware and anomaly detection'. Together they form a unique fingerprint.

Cite this