Android malware detection was a complex task due to the intricate structure of Android applications, which consisted of numerous Java methods and classes. Effective detection required the extraction of meaningful features and the application of advanced machine learning (ML) or deep learning (DL) algorithms. This paper presented a novel approach to detecting Android malware by leveraging opcode sequences extracted from Android applications. These opcode sequences, which differed between malicious and benign apps, formed the basis of the detection model. The methodology involved extracting opcode sequences from decompiled Android APK files using the “Androguard” tool and applying recurrent neural networks (RNN) with long short-term memory (LSTM), Bi-LSTM, and gated recurrent unit (GRU) architectures to classify the apps as either malware or benign. The combination of these advanced DL techniques allowed for capturing temporal dependencies in opcode sequences, resulting in a significant improvement in detection capabilities. This work underscored the potential of using opcode sequences in conjunction with RNN, LSTM, and GRU for robust and accurate malware detection, while also highlighting the importance of further exploring additional features for comprehensive classification.

Android malware detection; Deep learning; GRU; LSTM; Machine learning