Cloud of Word vs DroidKungfu: Performance evaluation in detecting root exploit malware with deep learning approach
Android mobile malware is a type of malware that executes malicious activities (stealing and collecting data and running programs without the user's knowledge) on victims' Android mobile devices. There are several types of malware, for instance: 1) Root exploit; 2) Botnet; 3) Trojan; and 4)...
Main Authors: | Che Akmal, Che Yahaya; Ahmad Firdaus, Zainal Abidin; Azlee, Zabidi; Noor Akma, Abu Bakar; Mukrimah, Nawir; Philima Normelissa Ani, Abdul Malek |
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: | IEEE 2023 |
Subjects: | QA76 Computer software |
Online Access: | http://umpir.ump.edu.my/id/eprint/42254/2/Paper-Akmal-2023-Cloud_of_Word_vs_DroidKungfu.pdf http://umpir.ump.edu.my/id/eprint/42254/8/Cloud%20of%20Word%20vs%20DroidKungfu%20-%20Performance%20evaluation%20in%20detecting%20root%20exploit%20malware%20with%20deep%20learning%20approach.pdf |
author | Che Akmal, Che Yahaya; Ahmad Firdaus, Zainal Abidin; Azlee, Zabidi; Noor Akma, Abu Bakar; Mukrimah, Nawir; Philima Normelissa Ani, Abdul Malek |
---|---|
collection | UMP |
description | Android mobile malware is a type of malware that executes malicious activities (stealing and collecting data and running programs without the user's knowledge) on victims' Android mobile devices. There are several types of malware, for instance: 1) Root exploit; 2) Botnet; 3) Trojan; and 4) Ransomware. Among these, root exploit is the most dangerous as it is able to gain control over the root privileges of an operating system (OS) stealthily, avoid security software scanning, and further install other types of malware. Moreover, there are multiple root exploit families that attack Android, such as Droidkungfu, Droiddream, and Asroot. However, Droidkungfu possesses the highest number of samples among these families and is able to survive with updated versions (version one until six). Therefore, the updated version could be increasing in the future. Furthermore, finding the best features in detecting root exploit is challenging, as the categories (permission, system calls, and intent) are many to choose from. Moreover, finding the ideal number of features is challenging as well, as it is able to affect machine learning detection. Thus, this study focuses on developing a solid model to predict undiscovered Droidkungfu by converting all the code into images and adopting a convolutional neural network (CNN) with Word of Cloud (WoC) to discover features automatically without considering the categories and number of features in the code. Among all parameters in evaluation, the highest result is 96% accuracy in predicting unknown Droidkungfu, and it is proved to detect new versions of this family in the future. |
first_indexed | 2024-09-25T03:52:21Z |
format | Conference or Workshop Item |
id | UMPir42254 |
institution | Universiti Malaysia Pahang |
language | English |
last_indexed | 2024-12-09T02:30:00Z |
publishDate | 2023 |
publisher | IEEE |
record_format | dspace |
spelling | UMPir42254 2024-10-21T01:41:26Z http://umpir.ump.edu.my/id/eprint/42254/ PeerReviewed Che Akmal, Che Yahaya and Ahmad Firdaus, Zainal Abidin and Azlee, Zabidi and Noor Akma, Abu Bakar and Mukrimah, Nawir and Philima Normelissa Ani, Abdul Malek (2023) Cloud of Word vs DroidKungfu: Performance evaluation in detecting root exploit malware with deep learning approach. In: 8th IEEE International Conference on Software Engineering and Computer Systems, ICSECS 2023, 25 - 27 August 2023, Penang, Malaysia. pp. 217-222. (192961). ISBN 979-8-3503-1093-1 (Published) https://doi.org/10.1109/ICSECS58457.2023.10256304 |
title | Cloud of Word vs DroidKungfu: Performance evaluation in detecting root exploit malware with deep learning approach |
topic | QA76 Computer software |