Comprehensive review

On
CNN- based malware detection
With hybrid Optimization algorithm

1
*
Arshi kumari , Sunanda²
School of Computer Science and Engineering, SMVDU, J&K,
1
19mms004@smvdu.ac.in

Abstract. As daily use of the internet increases, the myriad malware attacks are increasing day by day which leads to the purloining of crucial data
of individuals, companies, or organizations. External attacks and vulnerability in our systems are the two main parameters on which risk arises for
the whole system set-up in our organization which can cause devastating situations for the firm’s owners or government sectors. Much research
work is going on for improving the detection and prevention methods for these attacks. Even many security policies are made and constantly
change according to the requirement of the situation for prevention from heavy losses and parallelly are being applied on the system and on the
system users. Various malware detection systems or software are build and used, and are the first status must be established in order of importance
or urgency for the prevention of the purloining of the data in software. Traditional malware detection method uses feature selection and extraction
(like in data mining, we have feature selection and extraction, which are at different stages), which are time- consuming. Thus, keeping in view
these vulnerabilities, many researchers used artificial intelligence paradigms i.e. machine learning algorithms (also used feature extraction and
classification as different stages), deep learning algorithms, for the improvement of the systems. But still does not get the desired result due to the
overfitting, noise, slow convergence of the algorithm, hyperparameter tuning, getting lower accuracy rate in testing the data than in training the
data, poor selection of learning parameters. Attacks can be in any form like viruses that infect a file or system by inserting malicious code into
nodes or programs, worms that exploit the vulnerability in the software, hardware, or human. The detection system must be robust enough in such
a way that it must be able to detect zero-based malware. By going through various experiments done by many researchers. This paper demonstrates
the malicious code detection based on deep learning algorithm i.e. CNN, with a hybrid PSO-BAT optimization algorithm. The usage of hybridized
algorithm help in mitigating the issues arises in detecting the malware in term of speed and accuracy, because these parameters are critical for
every experiments which are based on internet. The results of my proposed model which is a combination of PSO-BAT algorithm with CNN
network is expressed in terms of accuracy, precision, and recall which provide better result in the classification of malware and non-malware with
reduction of false-positive rate and negative rate.

Keywords: CNN algorithm, Malware detection, neural networks, PSO-BAT algorithm, Optimization algorithms, hyper-parameter.

1 Introduction

Nowadays, the Internet becomes the part of goods and daily necessity-product list, not even a single person in the world can do
work without the use of the internet. Due to the regular increased use of the internet, people with spiteful intentions are getting the
door open for performing the malicious act on the internet rather than in real life [1]. As we already know the definition of Malware
word consist of two words “mal” and “ware”, ” mal” means “bad”, ”evil”, and “wrong” whereas “ware” means “intangible product
or item manufactured”, so malware is defined as the data or software which are designed to commit wrong or harm the other
intentionally. So, malware generation increased exponentially with the increased use of the internet. Even smartphone is also
targeted for malware attacks , because of the pervasiveness of smartphone and have a huge market share, using local-based services
i.e. software services which use geographic information (regarding health, indoor object search, entertainment, work, personal
life) to provide information to users apart from prevailing services such as SMS, Voice calls, multimedia services etc. various
sleath approaches such as encryption, code transformation generates known malware, which led to use of behavior, anomaly and
dynamic analysis based method which help in detecting unknown malware[2].The latest crop of ransom ware dodges various
techniques of static analysis i.e. signature-based by code obfuscation, dynamic code loading encryption, and packing whereas dynamic analysis
is robust to these techniques but still existing dynamic tools to these techniques are not able to scale to compare code fast and identify the origin
of a new piece of malware in a time. Most of the detection malware software uses a static-based malware classification techniques, which is
used to recognize anonymous malware by comparing them to a database of previously captured malware. But the main drawback of signature-
based malware classification is that it requires a frequent update of the signature database with new arrivals of malware so that easily pattern
matching is done by the static method, this is the big con of the static malware.
Whereas static and dynamic analysis also plays an important and different role which is differentiated as below:-

Table 1: Difference between static analysis and dynamic analysis.

These methods are still used for detection of malware, because static and dynamic method are the foundation for detection. The
detection of malware is based on features, blow figure represent the common features used in detection.

Figure 1: features used for detection

Features are the input to the model which represent the characteristics which include port no, pixel value,API, CFG,opcode,N-
Gram,function call function generation indtuction traces instruction flow, DLL registry key network –connection, process service
etc. After learning the feature various classifier algorithms are able to detect the malware based on the training of the model.
Dynamic analysis is a thing that contribute extra features to static analysis, as both are much deterrent to code obfuscations. And both techniques have
their own pros and cons. P.V.Shijo, A.Salim has proposed integrated static and dynamic determination of malicious program method [3].

Figure 2: Static and dynamic malicious program detection model [4]

Drawback of these method are, that it takes more time in feature selection. Hybrid analysis generate good result, so this detection techniques is
constantly used in real time scenario.

II Background:

A malicious code attack is a day –to- day cyber-attack, where malicious software perform execution of unauthorized action on the casualty
system. Its name was officially defined by Cohen in 1984, but its behavior come into notice since at least 1970.The two main methods such as
static determination and dynamic determination where static determination uses various methods such as file fingerprinting, extraction of hard-
coded strings, file format, AV scanning, packer detection disassembly etc. and dynamic analysis uses the difference between defined points and
observing runtime behavior [5]. Most of the malware detection techniques are based on signature based detection which only detect known
malware but unable to detect unknown, zero- day attack, obfuscated and mutated [6]. To overcome the drawback in signature-based detection
technique, researchers have to turn to behavior based detection technique such as, capture malicious API calls throughout execution of the
program. Behavior-based techniques gives more accuracy in results than signature-based techniques in detecting polymorphic malware whereas
it is not able to detect many polymorphic viruses, known as packers[7].Heuristic based malware detection uses machine learning and data mining
techniques to learn the behavior of features such as API call, CFG,N-gram, opcode etc. The main disadvantage of this method is time complexity
[8].Model checking-based uses the concept of pushdown automata to model the program using SCTPL logic (stack computation tree predicate
logic) is an advanced version of the branching- temporal logic CTL with variable, quantifier and predicates over stack. The drawback of this
model is that its time complexity and space complexity is large [9].Then, next step is deep learning- based method which reduced the time
complexity, android malware detection problem is common now a days which uses large of space, by extracting android malware API sequence
by cuckoo sandbox, these sequences are converted text based classification problem and using word2vec to text is converted into vectorization,
then deep learning algorithm Bi- LSTM is used to classify the malware and benign, deep learning algorithm is used for large dataset [10].As
increase in use of internet increase data production is also increasing, which leads to the storage of data on the cloud due to which malicious
code developer also get opportunities to access and deteriorate the information which is kept on the cloud [11].Mobile devices-based effective to
detect both new and old generation malware, but can’t detect complex malware. IoT- based uses both method static and dynamic but unable to
detect complex malware. IoT- based uses both method static and dynamic but unable to detect complex malware. Malware detection methods
are shown in figure 3.
 Figure 3: Malware detection methods [12]
The standard metrics are used to evaluate the performances of classifier such as accuracy, precision, recall and f1-score,these metrics are estimated
based on true positive (TP),True negative(TN),False positive(FP),and false negative (FN) [13].
 True Positive: Rate of malicious code correctly classified by malware application
 True Negative: Rate of benign classified by benign classifier.
 False Positive: Rate of malware misclassified by malware application
 False negative: Rate of benign misclassified by benign classifier.
III Optimization algorithm:
There are many features in the dataset which are redundant and irrelevant which leads to worsen the output of the learning algorithm
then create an over fitting problem. These redundant features Detroit the accuracy and the computation time complexity of algorithm.
The feature selection consist of many steps such as:

1) Procedure Generation: subset of features is generated, then search strategy is applied to obtain the promising candidate feature subset.
2) Strategy of Evolution: In order to find the best feature subset out of candidate feature subset, we have to determine the goodness of the each
feature.
3) Criterion for stopping: stopping criteria is always determined
4) Procedure validation: It is used for validation of subset of features

Figure 4: Feature selection steps [14]

Feature selection provide following benefit such as:

 It reduce training and resource usage time

 It reduce storage requirement
 It improve prediction performance

From the perspective of the gradient information the optimization methods are further classified as:-
1) First order optimization
2) Second order optimization
3) Heuristic derivative –free optimization

First order optimization is also called stochastic gradient method and its variant, it is also known as black box optimization. Its common
algorithms are gradient descent, stochastic gradient descent, nesterov accelerated gradient descent, stochastic variances reduction gradient etc. and
second Order optimization or higher order optimization converges at a faster speed, drawback of this method is operation and storage increases.
As the output of a black-box or second order optimization that does not provide derivative information, the method in which objective function
is defined by a deterministic black box which handles the different types of constraints removes the drawback of the first order and second order
is known as heuristic derivative free optimization.[15].Earlier, due to incessant use of data mining techniques false positive rates are also incessant
in the output which leads to the indispensable detection of malware, for the improvement of detection a novel knowledge-based database
discovery model that improves apriori association rule mining of a priori algorithm with particle swarm optimization (PSO) is proposed by
Olawale surajudeen Adebayo et.al [16].
IV Related work:

As per report published by check point research, Ransomware attack increased to 102 % in 2021 compared with 2021 and India is at the top which is affected
with 213 weekly attack. As attacks are increasing day by day based on this scenario, I had done a literature review which as described below:

[17] zhihua cui, fei xue, Xingjuan cai, yang cao,jinjun chen proposed a method for detection of malware by converting the malicious code into grayscale
images then images are classified and identified using a CNN algorithm, that extract the features of the malware images automatically and uses the bat
algorithm to address the data imbalance among different malware families.

[18] Peng Zhang,Bowen sun,Ruotong Ma, Ang li,proposed a method for detection of malware in which gray code image is converted into RGB images then
13-layer VGG16 is used for classification and author also uses Spp-Net to take any size of input, this experiment increase the accuracy and reduces the time
complexity in attaining the better performance.

[19] Abdelmonim Naway,Yuancheng Li gives review on the malware detection based on android which is widely used mobile operating system with deep
learning algorithms, which help in identifying the unresolved problems in static ,dynamic and hybrid analysis .

[20]Xin-she Yang gives a detail review on bat algorithm with its application and variant of bat algorithm,which is found effective in understanding the bat
algorithm.

[21]Tien-Szu Pan,Dao kien,Trong-The Nguyen,shu-chuan chu proposed a model,hybrid particle swarm optimization with bat algorithm in which
communication strategy between Pso and bat algorithm is discussed in detail.

[22]Vinayakumar R, Mamoun Alazab,Prabaharan ,Poornachandran and sitalakshmi ventraman poposed a methodology for detection of malware detection
using scalable and hybrid deep learning framework.

[23] M.Yeo, Y.koo, Y.Yoon, T.Hwang, J.Ryu, el.al analysis the working of malware detection using CNN,muli-layer perceptron (MLP),SVM,and random
forest with 35 features which are extracted from flow data which showed accuracy,precision and recall greater than 80%.

[24]Detecting malware with ensemble method based on deep learning algorithm proposed by Jinpei and Yong Qi,in which MalNet using CNN and LSTM
algorithm ,which achieves 99.88% validation accuracy.

[25] Sanjay sharma and C.Rama Krishna and sanjay K. sahay suggested a method based on machine learning using opcode occurance to detect unknown
malware ,which detect the malware with almost 100% accuracy.

[26] Derya soydaner gives a comparison of optimization algorithms for deep learning in detail and he implemented the adaptive gradient method for both
supervised and unsupervised task.

[27] S.Sibi chakkaravarthy et.al gives a A survey on malware analysis and mitigation techniques in which advance Persistant threats are covered in detail
and conducted a series of Experiment on ,malware images and performances is measured.

[28]Amin Azmoodeh,et al proposed a robust malware detection method for IoT using eigenspace learning used a virusTotal dataset and deep eigenspace
learning algorithm result in model have the capability to junk code insertion attack.

[29] Vinaya kumar et al proposed deep learninag approach for intelligent intrusion detection system using KDDcup99,NSL-KDD,UNSW-
NB15,Kyoto,WSN-DS and CICIDS dataset using algorithm DSS result in a scale –hybrid –ids alertNetvmodel.

[30] Sndeep HR et.al gies detail analysis of static analysis of android malware detection using deep learning,in which detection of malware is done before
insatallation of application.

[31]Tianliang lu,Yanhui Du proposed an android malware detection based on ahybrid deep learning model in which deep belief network and gate re recurrent
unit is used to analyze the android malware which gives the better detection effect.

[32]Lingru cai,Yao li,Zhi Xiong,proposed JOWMDroid:Andriod malware detection based on feature weighting with joint optimization of weight –mapping
and classifier parameters,experiment results four state –of-art feature weighting methods.

[33]In this paper features were optimized from 378 to 11 using PSO,ie proposed model is AdaBoost able to achieve good detection accuracy.

[34]Jie Ling proposed a research of android malware detection based on ACO optimized Xgboost parameters approach ,in which high efficiency and
accuracy od detection is achievd by using aco algorithm.

[35]In this paper,adaptive memetic algoritm is used which used both local and global search to overcome the pre mature convergence .

[36]In this paper ATMPA:attacking machine learning –based malware visualization detection method via adversarial examples, experiment is performed
on MS BIG malware dataset which result is the rate of transferability is 74.1%.
 Table 2: Literature review comparison
V Proposed Methodology
Proposed Method: The Malimg dataset which is in the format of numpy array is fed to the optimization algorithm(PSO-BAT algorithm),which help in
removing data misbalancing between different families of malware and then the balanced input is fed to CNN algorithm, which help in classification of
malware with better performance.

Fig 8: Malware classification using CNN-algorithm

We are using CNN (Convolution Neural Network) with PSO-Bat Algorithm to optimize features and to predict malicious code. From internet various
software’s can be downloaded and software may contains malicious code and upon execution of such software can cause file corruption or data loss. All
existing technique may use static or dynamic technique to identify such malicious code but it reduces the detection and to overcome this problem we are
using two algorithms called PSO- BAT to optimize features which can resolve features imbalance problem and this optimize features will be passed to CNN
algorithm to train CNN model and this trained model can be applied on new malicious code or test data to detect malware family. Propose algorithm is called
as pso-bat with CNN. We are comparing performance of propose method with SVM and KNN and PSO-BAT With CNN is giving better prediction accuracy.

a) PSO-BAT optimization Concept:

Best particles of PSO algorithm is swapped with worst particles and best particle of bat algorithm is swapped with PSO algorithm, this is how optimized
particle is obtained by using PSO- bat algorithm.

Figure 5: swapping of particles

b) Result:

Figure 6: Proposed method result Figure 7: Result in term of accuracy

VI Conclusion: In this work, we presented a thorough review of malware detecting using deep learning on various platforms. This review paper
uncover the various optimization techniques and its comparison and tries to cover the gap between the existing detection techniques and this novel
technique. The review showed that how the existing optimization algorithms work with deep learning and machine learning approach, by keeping these
optimization algorithm in the view we choose two optimization i.e PSO and Bat algorithm for best feature selection, then the optimized output is fed to
the CNN algorithm which increase the accuracy rate by two to three percentage with the reduction of time complexity.
 REFERENCES

[1] P. Faruki et al., "Android Security: A Survey of Issues, Malware Penetration, and Defenses," in IEEE Communications Surveys & Tutorials, vol. 17, no. 2, pp.
998-1022, Secondquarter 2015, doi: 10.1109/COMST.2014.2386139.

[2] Ö. A. Aslan and R. Samet, "A Comprehensive Review on Malware Detection Approaches," in IEEE Access, vol. 8, pp. 6249-6271, 2020, doi:
10.1109/ACCESS.2019.2963724.

[3] P.V. Shijo, A. Salim,”Integrated Static and Dynamic Analysis for Malware Detection,”Procedia Computer Science,Volume 46,2015,Pages 804-811,

[4] S. Akcay, M. E. Kundegorski, C. G. Willcocks and T. P. Breckon, "Using Deep Convolutional Neural Network Architectures for Object Classification and Detection
Within X-Ray Baggage Security Imagery," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 9, pp. 2203- 2215, Sept. 2018, doi:
10.1109/TIFS.2018.2812196.

[5] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran and S. Venkatraman, "Robust Intelligent Malware Detection Using Deep Learning," in IEEE Access,
vol. 7, pp. 46717-46738, 2019, doi: 10.1109/ACCESS.2019.2906934.

[6] Souri, A., Hosseini, R. A state-of-the-art survey of malware detection approaches using data mining techniques. Hum. Cent. Comput. Inf. Sci. 8, 3 (2018).
https://doi.org/10.1186/s13673- 018-0125-x
[7] Feizollah, Ali & Anuar, Nor & Salleh, Rosli & Wahid, Ainuddin. (2015). A review on feature selection in mobile malware detection. Digital Investigation. 13. 22–
37. 10.1016/j.diin.2015.02.001.

[8] K. He and D. Kim, "Malware Detection with Malware Images using Deep Learning Techniques," 2019 18th IEEE International Conference On Trust, Security
And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New
Zealand, 2019, pp. 95- 102, doi: 10.1109/TrustCom/BigDataSE.2019.00022.

[9] Tiwari, S., Singh, B. & Kaur, M. An approach for feature selection using local searching and global optimization techniques. Neural Comput & Applic 28, 2915–
2930 (2017). https://doi.org/10.1007/s00521-017-2959- y

[10] Nath H.V., Mehtre B.M. (2014) Static Malware Analysis Using Machine Learning Methods. In: Martínez Pérez G., Thampi S.M., Ko R., Shu L. (eds) Recent
Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin,
Heidelberg.

[11] Galal, Hisham. (2015). Behavior-based features model for malware detection. Journal of Computer Virology and Hacking Techniques. 12. 10.1007/s11416-015-
0244-0.

[12] P. Khodamoradi, M. Fazlali, F. Mardukhi and M. Nosrati, "Heuristic metamorphic malware detection based on statistics of assembly instructions using classification
algorithms," 2015 18th CSI International Symposium on Computer Architecture and Digital Systems (CADS), Tehran, Iran, 2015, pp. 1-6, doi:
10.1109/CADS.2015.7377792.
[13] P. Faruki et al., "Android Security: A Survey of Issues, Malware Penetration, and Defenses," in IEEE Communications Surveys & Tutorials, vol. 17, no. 2, pp.
998-1022, Secondquarter 2015, doi: 10.1109/COMST.2014.2386139.

[14] Ö. A. Aslan and R. Samet, "A Comprehensive Review on Malware Detection Approaches," in IEEE Access, vol. 8, pp. 6249-6271, 2020, doi:
10.1109/ACCESS.2019.2963724.

[15] P.V. Shijo, A. Salim,”Integrated Static and Dynamic Analysis for Malware Detection,”Procedia Computer Science,Volume 46,2015,Pages 804-811,

[16] S. Akcay, M. E. Kundegorski, C. G. Willcocks and T. P. Breckon, "Using Deep Convolutional Neural Network Architectures for Object Classification and Detection
Within X-Ray Baggage Security Imagery," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 9, pp. 2203- 2215, Sept. 2018, doi:
10.1109/TIFS.2018.2812196.

[17] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran and S. Venkatraman, "Robust Intelligent Malware Detection Using Deep Learning," in IEEE Access,
vol. 7, pp. 46717-46738, 2019, doi: 10.1109/ACCESS.2019.2906934.

[18] Souri, A., Hosseini, R. A state-of-the-art survey of malware detection approaches using data mining techniques. Hum. Cent. Comput. Inf. Sci. 8, 3 (2018).
https://doi.org/10.1186/s13673- 018-0125-x
[19] Feizollah, Ali & Anuar, Nor & Salleh, Rosli & Wahid, Ainuddin. (2015). A review on feature selection in mobile malware detection. Digital Investigation. 13. 22–
37. 10.1016/j.diin.2015.02.001.

[20] K. He and D. Kim, "Malware Detection with Malware Images using Deep Learning Techniques," 2019 18th IEEE International Conference On Trust, Security
And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New
Zealand, 2019, pp. 95- 102, doi: 10.1109/TrustCom/BigDataSE.2019.00022.

[21] Tiwari, S., Singh, B. & Kaur, M. An approach for feature selection using local searching and global optimization techniques. Neural Comput & Applic 28, 2915–
2930 (2017). https://doi.org/10.1007/s00521-017-2959- y

[22] Nath H.V., Mehtre B.M. (2014) Static Malware Analysis Using Machine Learning Methods. In: Martínez Pérez G., Thampi S.M., Ko R., Shu L. (eds) Recent
Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin,
Heidelberg.

[23] Galal, Hisham. (2015). Behavior-based features model for malware detection. Journal of Computer Virology and Hacking Techniques. 12. 10.1007/s11416-015-
0244-0.

[24] P. Khodamoradi, M. Fazlali, F. Mardukhi and M. Nosrati, "Heuristic metamorphic malware detection based on statistics of assembly instructions using classification
algorithms," 2015 18th CSI International Symposium on Computer Architecture and Digital Systems (CADS), Tehran, Iran, 2015, pp. 1-6, doi:
10.1109/CADS.2015.7377792.

[25] Z. Cui, F. Xue, X. Cai, Y. Cao, G. Wang and J. Chen, "Detection of Malicious Code Variants Based on Deep Learning," in IEEE Transactions on Industrial
Informatics, vol. 14, no. 7, pp. 3187-3196, July 2018, doi: 10.1109/TII.2018.2822680.

[26] P. Zhang, B. Sun, R. Ma and A. Li, "A Novel Visualization Malware Detection Method based on Spp-Net," 2019 IEEE 5th International Conference on Computer
and Communications (ICCC), Chengdu, China, 2019, pp. 510-514, doi: 10.1109/ICCC47050.2019.9064194.

[27] Vu, Long & Jung, Souhwan. (2021). AdMat: A CNN-on-Matrix Approach to Android Malware Detection and Classification. IEEE Access. PP. 1-1.
10.1109/ACCESS.2021.3063748.
[28] Yang, Xin-She. (2013). Bat Algorithm: Literature Review and Applications. International Journal of Bio-Inspired Computation. 5. 10.1504/IJBIC.2013.055093.

[29] Pan, Tien-Szu & Kien, Dao & Nguyen, Trong-The & Chu, Shu-Chuan. (2015). Hybrid Particle Swarm Optimization with Bat Algorithm. 10.1007/978-3-319-
12286-1_5.

[30] Vinayakumar R,Mamoun Alazab,Soman KP,”Robust intelligent malware detection using deep learning”.

[31] Ines Jemal,Omar Cheikhrouhou,Habib Hamam and Adel Mahfoudhi,”SQL Injection attack detection and prevention techniques using machine learning”.

[32] Garima sing, Dev kant and Akhilesh pratap singh”,SQL injection detection and correction using machine learning”.

[33] Huafeng Zhang,Bo Zhao and Hui Yuan”,SQL injection detection based on deep belief network”.

[34] Stanislav Abaimov”,CODDLE: code- injection detection with deep learning”.

[35] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat and S. Venkatraman, "Deep Learning Approach for Intelligent Intrusion Detection
System," in IEEE Access, vol. 7, pp. 41525-41550, 2019, doi: 10.1109/ACCESS.2019.2895334.

[36] A. Azmoodeh, A. Dehghantanha and K. R. Choo, "Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning,"
in IEEE Transactions on Sustainable Computing, vol. 4, no. 1, pp. 88-95, 1 Jan.-March 2019, doi: 10.1109/TSUSC.2018.2809665.

[37] Liu, Qiang & Li, Pan & Zhao, Wentao & Cai, Wei & Yu, Shui. (2018). A Survey on Security Threats and Defensive Techniques of Machine Learning: A Data
Driven View. IEEE Access. 6. 12103-12117. 10.1109/ACCESS.2018.2805680.

[38] S. HR, "Static Analysis of Android Malware Detection using Deep Learning," 2019 International Conference on Intelligent Computing and Control Systems
(ICCS), 2019, pp. 841-845, doi: 10.1109/ICCS45141.2019.9065765

[39] ]Tianlaing lu,Yanhui Du,li Ouyang chen,Xirui wang”android malware detection based on hybrid deep learning model,”security and communication
network,vol.20202,article id 8863617,11 pages ,2020.

[40] Lingru Cai, Yao Li, Zhi Xiong,JOWMDroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier
parameters,Computers & Security,Volume 100,2021,102086,ISSN 0167-4048,

[41] Razak, M.F.A., Anuar, N.B., Othman, F. et al. Bio-inspired for Features Optimization and Malware Detection. Arab J Sci Eng 43, 6963–6979 (2018).
https://doi.org/10.1007/s13369-017-2951-y

[42] Jie ling,XUeing Wang :research malware detection based on ACO optimized Xgboost Parametrs approach,3 rd ICMEIT 2019

[43] AJIC vol.24 Johannesburg 2019,Intelligent malware detection using neural network ensemble based on hybrid search
mechanism,http://dx.doi.org/10/10.23962/10539/28660.

[44] Xinbo Liu,Jiliang zhang;attacking machine learning based malware visualization detection method via adversarsial exsmples ,7963-1234(2019).