A Novel IChOA CNN-LSTM Model for Android

Malware Detection Using Opcode-Based Feature

Selection and Optimization

Introduction
 Contribution of this Work

1. Proposed an IChOA based CNN-LSTM approach for enhanced Android malware detection.
2. Utilizes an opcode-based model for effective feature selection, improving classification performance.
3. Enhances feature extraction by combining an improved transformer with an RNN model and a softmax
function.
4. Fine-tunes model parameters using SOA to achieve better detection accuracy. Validates the model using
key metrics include accuracy, precision, recall, and F-score to demonstrate its effectiveness.

1. Related Works
2. Proposed system
A thorough process for detecting Android malware utilizing an IChOA CNN-LSTM method is
shown in Figure 1. An Android malware dataset, which includes both harmful and benign apps, is fed
into the procedure at the start. The pre-processing procedure is used to clean and convert the raw data
for better analysis, ensuring data quality. An opcode-based approach is used to pick features after pre-
processing, extracting pertinent data to aid in distinguishing between malicious and trustworthy apps.
The IChOA CNN-LSTM model is used to detect Android malware after the important features have
been chosen. At this point, CNNs are employed to extract features. In the meantime, LSTM controls the
sequential dependencies in the data to increase the accuracy of classification. In order to improve the
model's performance, the features are further selected. By fine-tuning crucial parameters, the SOA is
utilized for hyperparameter optimization, which increases detection efficiency. Finally, some key
measures that are utilized to evaluate the effectiveness of the proposed approach include accuracy,
precision, recall, and F-score. These precautions guarantee a solid and efficient malware detection
system that can accurately identify harmful Android apps.
2.1.Data pre-processing
2.2. Feature Selection in Opcode-based model

2.3. Proposed Android Malware Detection Process using IChOA CNN-LSTM

algorithm
Input Layer
An artificial neural network's initial layer of nodes is referred to as the input layer. Input data from the
external environment is received by this layer.
Convolution Layer
The following is the expression for the convolution between the input features and the kernels [20] of
the convolution layer:

(1)

Where, is represents the feature map that was found using kernels , and corresponds to
the activation function that is not linear.
Pooling Layer:
Following convolution, pooling is the following stage, which eliminates superfluous features from the
features map to reduce its size. This is accomplished by the network using the max-pooling function
which is represented as,

(2)

Where, indicates that the feature map has been pooled, and indicates that the max-pooling
function was employed to make the feature map less dimensional. The behavior of each memory cell is
then altered by feeding the pooled feature map into the various LSTM gates.
 Fully Connected Layer
At each layer, the entirely linked layer is found using the formula below:
(3)

Where, represents the activation function, the bias value is , and the completely connected layer,
the weight matrix is .

Output layer
A neural network's output layer, which generates the network's classifications or predictions, is its last
layer. It converts the data into a format that can be used after receiving it from the earlier levels.
2.3.1. Improved Chimp Optimization Algorithm (IChOA)

(7)

(8)
2.4. SOA-based parameter tuning
 Initialization

Grouping of snakes

2.5. Performance evaluation

Accuracy is defined as the proportion of accurately detected instances within the total number of
instances.

(14)

Experimental result and discussion

In this part, the IChOA-CNN-LSTM approach's Android malware recognition findings are validated
using the 7500-case database listed in Table 1. The detection results are analyzed using a set of measures
called recall, accuracy, precision, and F-score.
 Table 1. Details on database
Classes No.of instantances
Benign 5000
Malware 2500
Total Instances 7500

Figure 4. Confusion matrix for IChOA-CNN-LSTM model-based malware detection

The confusion matrices generated by the IChOA-CNN-LSTM model are shown in Figure 4 at a
ratio of 70:30 for the training phase (TRAP) to the testing phase. The findings demonstrate that IChOA-
CNN-LSTM is capable of efficiently identifying both benign and malicious samples across all classes.
 120
AdaBoostMI [22]

100
MLP [23]

80
AAMD-OELAC [24]

60
IChOA-CNN-LSTM
(Proposed)
40

20

0
Accuracy Precision Recall F1-score

Performance comparison between the proposed and existing models

Conclusion

Reference
1. Vinayakumar, R., Mamoun Alazab, K. P. Soman, Prabaharan Poornachandran, and Sitalakshmi
Venkatraman. "Robust intelligent malware detection using deep learning." IEEE access 7 (2019): 46717-
46738.
2. Pan, Ya, Xiuting Ge, Chunrong Fang, and Yong Fan. "A systematic literature review of android malware
detection using static analysis." IEEE Access 8 (2020): 116363-116379.
3. Zhang, Hanqing, Senlin Luo, Yifei Zhang, and Limin Pan. "An efficient Android malware detection
system based on method-level behavioral semantic analysis." IEEE Access 7 (2019): 69246-69256.
4. Assiri, Mohammed. "Robust malicious software detection and classification using global whale
optimization algorithm with deep learning approach." Scientific Reports 14, no. 1 (2024): 25383.
5. Almakayeel, Naif. "Deep learning-based improved transformer model on android malware detection
and classification in internet of vehicles." Scientific Reports 14, no. 1 (2024): 25175.
6. Majid, Al-Ani Mustafa, Ahmed Jamal Alshaibi, Evgeny Kostyuchenko, and Alexander Shelupanov. "A
review of artificial intelligence based malware detection using deep learning." Materials Today:
Proceedings 80 (2023): 2678-2683.
7.
analysis with factor analysis and broad learning methods for android applications." Engineering Science
and Technology, an International Journal 62 (2025): 101945.
8. Hein, C. L. P. M., and Khin Mar Myo. "Permission-based feature selection for android malware
detection and analysis." International Journal of Computer Applications 181, no. 19 (2018): 29-39.
9. Mallidi, S. "Bat optimization algorithm for wrapper based feature selection and performance
improvement of android malware detection." IET Networks (Wiley-Blackwell) 10, no. 3 (2021).
10. Abubaker, Howida, Aida Ali, Siti Mariyam Shamsuddin, and Shafaatunnur Hassan. "Exploring
permissions in android applications using ensemble-based extra tree feature selection." Indonesian
Journal of Electrical Engineering and Computer Science 19, no. 1 (2020): 543-552.
11. Xing, Xiaofei, Xiang Jin, Haroon Elahi, Hai Jiang, and Guojun Wang. "A malware detection approach
using autoencoder in deep learning." IEEE Access 10 (2022): 25696-25706.
12. Alamro, Hayam, Wafa Mtouaa, Sumayh Aljameel, Ahmed S. Salama, Manar Ahmed Hamza, and
Aladdin Yahya Othman. "Automated android malware detection using optimal ensemble learning
approach for cybersecurity." IEEE Access (2023).
13. Aamir, Muhammad, Muhammad Waseem Iqbal, Mariam Nosheen, M. Usman Ashraf, Ahmad Shaf,
Khalid Ali Almarhabi, Ahmed Mohammed Alghamdi, and Adel A. Bahaddad. "AMDDLmodel: Android
smartphones malware detection using deep learning model." Plos one 19, no. 1 (2024): e0296722.
14. Banik, Abhinandan, and Jyoti Prakash Singh. "Android malware detection by correlated real permission
couples using FP growth algorithm and neural networks." IEEE Access (2023).
15. Kim, TaeGuen, BooJoong Kang, Mina Rho, Sakir Sezer, and Eul Gyu Im. "A multimodal deep learning
method for android malware detection using various features." IEEE Transactions on Information
Forensics and Security 14, no. 3 (2018): 773-788.
16. Iadarola, Giacomo, Fabio Martinelli, Francesco Mercaldo, and Antonella Santone. "Towards an
interpretable deep learning model for mobile malware detection and family identification." Computers
& Security 105 (2021): 102198.
17. Mahindru, Arvind, and A. L. Sangal. "Deepdroid: feature selection approach to detect android malware
using deep learning." In 2019 IEEE 10th International Conference on Software Engineering and Service
Science (ICSESS), pp. 16-19. IEEE, 2019.
18. Bayazit, Esra Calik, Ozgur Koray Sahingoz, and Buket Dogan. "A deep learning based android malware
detection system with static analysis." In 2022 International Congress on Human-Computer
Interaction, Optimization and Robotic Applications (HORA), pp. 1-6. IEEE, 2022.
19. Wasif, Md Shadman, Md Palash Miah, Md Shohrab Hossain, Mohammed JF Alenazi, and Mohammed
Atiquzzaman. "CNN-ViT synergy: An efficient Android malware detection approach through deep
learning." Computers and Electrical Engineering 123 (2025): 110039.
20. Vinayakumar, R., Mamoun Alazab, K. P. Soman, Prabaharan Poornachandran, and Sitalakshmi
Venkatraman. "Robust intelligent malware detection using deep learning." IEEE access 7 (2019): 46717-
46738.
21. Gopinath, Mohana, and Sibi Chakkaravarthy Sethuraman. "A comprehensive survey on deep learning
based malware detection techniques." Computer Science Review 47 (2023): 100529.
22. Joseph, Janius Christabel. "Multi Classifier Models using Machine Learning Techniques for Malware
Detection." PhD diss., Dublin, National College of Ireland, 2021.
23. Gopinath, Mohana, and Sibi Chakkaravarthy Sethuraman. "A comprehensive survey on deep learning
based malware detection techniques." Computer Science Review 47 (2023): 100529.
24. Ababneh, Mustafa, and Aayat Aljarrah. "cybersecurity: Malware multi-attack detector on android-based
devices using deep learning methods." Journal of Theoretical and Applied Information Technology 102,
no. 1 (2024).