ATBU Journal of Science, Technology and Education

Android malware has become an increasingly critical threat due to the rapid proliferation of mobile devices and the growing sophistication of attack techniques. Traditional signature-based detection mechanisms are failing against modern obfuscated and polymorphic malware, which deliberately alters its binary structure to evade identification. This study proposes a static image-based malware detection framework that treats Android APK binary files as visual data, bypassing code execution entirely. The methodology converts raw APK binaries into 224×224 grayscale images by reading each file as a stream of 8-bit integers. A Convolutional Neural Network (CNN) based on the ResNet-50 architecture was trained using Transfer Learning on a subset of 457 Android applications from the CCCS-CIC-AndMal-2020 dataset. The model was trained for 25 epochs with early stopping, achieving perfect benign classification (100% specificity, zero false positives), validating the conversion pipeline as functionally correct and establishing a reproducible proof-of-concept that APK binary visualization is a viable static analysis technique inherently immune to code obfuscation.

Alshoulie, M., & Mehmood, A. (2024). Deep learning approaches for malware detection: A comprehensive review of techniques, challenges, and future directions. IEEE Access, 12, 1–25. https://doi.org/10.1109/ACCESS.2024

Chezzi, A., Catalano, C., & Caivano, D. (2024). Using CNNs as static detectors against malicious Android APKs. CEUR Workshop Proceedings, 3656, 1–10.

DemandSage. (2025). Android usage statistics (2025): Users & market share. Retrieved from https://www.demandsage.com/android-statistics/

Diao, W. (2024). Android’s cat-and-mouse game: Understanding evasion techniques against dynamic analysis. Retrieved from https://diaowenrui.github.io/paper/issre24-li.pdf

Elsersy, W. F., Feizollah, A., & Anuar, N. B. (2022). The rise of obfuscated Android malware and impacts on detection methods. PeerJ Computer Science, 8, e907. https://doi.org/10.7717/peerj-cs.907

Ghourabi, A. (2024). An attention-based approach to enhance the detection and classification of Android malware. Computers, Materials & Continua, 80(2), 2743–2760.

Hemalatha, J., Roseline, S. A., Geetha, S., Kadry, S., & Damaševičius, R. (2025). Deep convolution neural networks for image-based Android malware classification. Computers, Materials & Continua, 82(3), 59903.

Joomye, A., Ling, M. H., & Yau, K. L. (2025). A brief survey of deep learning methods for Android malware detection. International Journal of System Assurance Engineering and Management, 16(2), 1–15.

Kaur, A., & Singh, P. (2020). DATDroid: Dynamic analysis technique in Android malware detection. International Journal on Advanced Science, Engineering and Information Technology, 10(3).

Lu, Y., Xu, W., Liu, X., & Li, Z. (2023). GAResNet: A transfer learning based framework for Android malware detection. In Proceedings of the IEEE International Conference on Parallel and Distributed Systems (ICPADS) (pp. 1–8). IEEE.

Millar, S., McLaughlin, N., Martinez del Rincon, J., & Miller, P. (2024). Multimodal deep learning for Android malware classification. Journal of Cybersecurity and Privacy, 7(1), 23.

Nahhas, L. (2023). Android malware detection using ResNet-50 stacking. Computers, Materials & Continua, 74(2), 3998–4015.

Qiu, J., Zhang, J., Luo, W., Pan, L., Nepal, S., & Xiang, Y. (2024). A survey of Android malware detection with deep neural models. ACM Computing Surveys, 53(6), 1–36.

Salim, H. K. (2024). Deep learning-based Android malware detection with CNN-GRU model [Master’s dissertation, National College of Ireland].

Sandhu, R. (2010). Malware obfuscation techniques: A brief survey. Retrieved from https://profsandhu.com/cs5323_s18/yk_2010.pdf

SentinelOne. (2025). What is polymorphic malware? Examples & challenges. Retrieved from https://www.sentinelone.com/cybersecurity-101/threat-intelligence/what-is-polymorphic-malware/

Shamim, M. S., Abdullah-Al-Wadud, M., Akhtar, N., & Tahir, S. (2024). ViTDroid: Vision transformers for efficient, explainable attention to malicious behaviour. Sensors, 24(20), 6690.