International Journal of

ADVANCED AND APPLIED SCIENCES

EISSN: 2313-3724, Print ISSN: 2313-626X

Frequency: 12

line decor
  
line decor

 Volume 13, Issue 4 (April 2026), Pages: 240-249

----------------------------------------------

 Original Research Paper

A hybrid CNN-LSTM deep learning framework for enhanced Android malware classification

 Author(s): 

Altyeb Taha 1, *, Ahmed Hamza Osman 2, Yakubu Suleiman Baguda 2

 Affiliation(s):

1Department of Information Technology, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Jeddah 21911, Saudi Arabia
2Department of Information Systems, Faculty of Computing and Information Technology in Rabigh, King Abdulaziz University, Jeddah 21911, Saudi Arabia

 Full text

    Full Text - PDF

 * Corresponding Author. 

   Corresponding author's ORCID profile:  https://orcid.org/0000-0001-9086-3085

 Digital Object Identifier (DOI)

 
https://doi.org/10.21833/ijaas.2026.04.024

 Abstract

Smartphones increasingly store sensitive data, making them attractive targets for cyberattacks. Among mobile platforms, Android is especially vulnerable due to its open-source nature and widespread use. Malicious applications threaten user privacy, compromise data, and damage system integrity, highlighting the need for effective detection methods. This paper introduces a hybrid deep learning model for Android malware classification that integrates Convolutional Neural Networks (CNNs) for feature extraction with Long Short-Term Memory (LSTM) networks for capturing sequential patterns. The proposed model is evaluated on two benchmark datasets, Drebin and AndroZoo, achieving accuracies of 98.30% and 97.25%, respectively, and outperforming existing machine learning approaches.

 © 2026 The Authors. Published by IASE.

 This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0/).

 Keywords

Android malware, Deep learning, Hybrid model, CNN, LSTM

 Article history

Received 8 August 2025, Received in revised form 1 November 2025, Accepted 27 April 2026

 Acknowledgment

This project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, Saudi Arabia, under grant no. (IPP:1027-830-2025). The authors, therefore, acknowledge with thanks DSR for technical and financial support

 Compliance with ethical standards

 Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

 Citation:

Taha A, Osman AH, and Baguda YS (2026). A hybrid CNN-LSTM deep learning framework for enhanced Android malware classification. International Journal of Advanced and Applied Sciences, 13(4): 240-249

  Permanent Link to this page

---------------------------------------------- 

 References (36)

  1. Alazab M, Alazab M, Shalaginov A, Mesleh A, and Awajan A (2020). Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems, 107: 509–521. https://doi.org/10.1016/j.future.2020.02.002   [Google Scholar]
  2. Aldhyani THH and Alkahtani H (2022). Attacks to automatous vehicles: A deep learning algorithm for cybersecurity. Sensors, 22(1): 360. https://doi.org/10.3390/s22010360   [Google Scholar] PMid:35009899 PMCid:PMC8749531
  3. Allix K, Bissyandé TF, Klein J, and Le Traon Y (2016). AndroZoo: Collecting millions of Android apps for the research community. In the Proceedings of the 13th International Conference on Mining Software Repositories, Austin, USA: 468–471. https://doi.org/10.1145/2901739.2903508   [Google Scholar]
  4. Altaher A (2017). An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features. Neural Computing and Applications, 28: 4147-4157. https://doi.org/10.1007/s00521-016-2708-7   [Google Scholar]
  5. Altaher A and Barukab O (2017). Android malware classification based on ANFIS with fuzzy c-means clustering using significant application permissions. Turkish Journal of Electrical Engineering and Computer Sciences, 25(3): 2232-2242. https://doi.org/10.3906/elk-1602-107   [Google Scholar]
  6. Arp D, Spreitzenbarth M, Hübner M, Gascon H, and Rieck K (2014). Drebin: Effective and explainable detection of Android malware in your pocket. In the Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, USA: 23-26. https://doi.org/10.14722/ndss.2014.23247   [Google Scholar]
  7. Bai H, Xie N, Di X, and Ye Q (2020). FAMD: A fast multifeature Android malware detection framework, design, and implementation. IEEE Access, 8: 194729–194740. https://doi.org/10.1109/ACCESS.2020.3033026   [Google Scholar]
  8. Enichen EJ, Heydari K, Li B, and Kvedar JC (2025). Platform matters -- Differences in COVID data collected from Android and iOS app users. npj Digital Medicine, 8: 307. https://doi.org/10.1038/s41746-025-01734-8   [Google Scholar] PMid:40413335 PMCid:PMC12103540
  9. Fereidooni H, Conti M, Yao D, and Sperduti A (2016). ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications. In the 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS), IEEE, Larnaca, Cyprus: 1–5. https://doi.org/10.1109/NTMS.2016.7792435   [Google Scholar]
  10. Graves A, Mohamed AR, and Hinton G (2013). Speech recognition with deep recurrent neural networks. In the 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, IEEE, Vancouver, Canada: 6645–6649. https://doi.org/10.1109/ICASSP.2013.6638947   [Google Scholar]
  11. Hu X (2024). TySA: Enforcing security policies for safeguarding against permission-induced attacks in Android applications. IEEE Access, 12: 165026–165041. https://doi.org/10.1109/ACCESS.2024.3487852   [Google Scholar]
  12. Karim F, Majumdar S, Darabi H, and Chen S (2017). LSTM fully convolutional networks for time series classification. IEEE Access, 6: 1662–1669. https://doi.org/10.1109/ACCESS.2017.2779939   [Google Scholar]
  13. Kim Y and Panda P (2021). Revisiting batch normalization for training low-latency deep spiking neural networks from scratch. Frontiers in Neuroscience, 15: 773954. https://doi.org/10.3389/fnins.2021.773954   [Google Scholar] PMid:34955725 PMCid:PMC8695433
  14. Kiranyaz S, Avci O, Abdeljaber O, Ince T, Gabbouj M, and Inman DJ (2021). 1D convolutional neural networks and applications: A survey. Mechanical Systems and Signal Processing, 151: 107398. https://doi.org/10.1016/j.ymssp.2020.107398   [Google Scholar]
  15. Kumar M, Singh S, Pilania U, Arora G, and Jain M (2023). LSTM-based approach for Android malware detection. Procedia Computer Science, 230: 679–687. https://doi.org/10.1016/j.procs.2023.12.123   [Google Scholar]
  16. LeCun Y, Bengio Y, and Hinton G (2015). Deep learning. Nature, 521: 436–444. https://doi.org/10.1038/nature14539   [Google Scholar] PMid:26017442
  17. Li P, Abdel-Aty M, and Yuan J (2020). Real-time crash risk prediction on arterials based on LSTM-CNN. Accident Analysis & Prevention, 135: 105371. https://doi.org/10.1016/j.aap.2019.105371   [Google Scholar] PMid:31783334
  18. Liu X, Xu L, Xie H, and Prybutok V (2025). An integrated model of smartphone continuance intention: Income effect. Information Systems Management, 42(4): 507-524. https://doi.org/10.1080/10580530.2025.2479733   [Google Scholar]
  19. Lou S, Cheng S, Huang J, and Jiang F (2019). TFDroid: Android malware detection by topics and sensitive data flows using machine learning techniques. In the 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT), IEEE, Kahului, USA: 30-36. https://doi.org/10.1109/INFOCT.2019.8711179   [Google Scholar]
  20. Mahdavifar S, Alhadidi D, and Ghorbani AA (2022). Effective and efficient hybrid Android malware classification using pseudo-label stacked auto-encoder. Journal of Network and Systems Management, 30: 22. https://doi.org/10.1007/s10922-021-09634-4   [Google Scholar]
  21. McLaughlin N, Martinez del Rincon J, Kang B, Yerima S, Miller P, Sezer S, Safaei Y, Trickel E, Zhao Z, Doupé A, and Ahn GJ (2017). Deep Android malware detection. In the Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, ACM, Scottsdale, USA: 301–308. https://doi.org/10.1145/3029806.3029823   [Google Scholar]
  22. Prasad A, Chandra S, Uddin M, Al-Shehari T, Alsadhan NA, and Ullah SS (2024). PermGuard: A scalable framework for Android malware detection using permission-to-exploitation mapping. IEEE Access, 12: 50728–50743. https://doi.org/10.1109/ACCESS.2024.3523629   [Google Scholar]
  23. Su X, Zhang D, Li W, and Zhao K (2016). A deep learning approach to Android malware feature learning and detection. In the 2016 IEEE Trustcom/BigDataSE/ISPA, IEEE, Tianjin, China: 244-251. https://doi.org/10.1109/TrustCom.2016.0070   [Google Scholar]
  24. Taha A and Barukab O (2022). Android malware classification using optimized ensemble learning based on genetic algorithms. Sustainability, 14(21): 14406. https://doi.org/10.3390/su142114406   [Google Scholar]
  25. Taha A, Barukab O, and Malebary S (2021). Fuzzy integral-based multi-classifiers ensemble for Android malware classification. Mathematics, 9(22): 2880. https://doi.org/10.3390/math9222880   [Google Scholar]
  26. Taha AA and Malebary SJ (2021). Hybrid classification of Android malware based on fuzzy clustering and the gradient boosting machine. Neural Computing and Applications, 33: 6721–6732. https://doi.org/10.1007/s00521-020-05450-0   [Google Scholar]
  27. Talha KA, Alper DI, and Aydin C (2015). APK Auditor: Permission-based Android malware detection system. Digital Investigation, 13: 1–14. https://doi.org/10.1016/j.diin.2015.01.001   [Google Scholar]
  28. Tang D, Tang L, Shi W, Zhan S, and Yang Q (2021). MF-CNN: A new approach for LDoS attack detection based on multi-feature fusion and CNN. Mobile Networks and Applications, 26: 1705–1722. https://doi.org/10.1007/s11036-019-01506-1   [Google Scholar]
  29. Tharwat A (2021). Classification assessment methods. Applied Computing and Informatics, 17(1): 168–192. https://doi.org/10.1016/j.aci.2018.08.003   [Google Scholar]
  30. Wang X, Zhang D, Su X, and Li W (2017a). Mlifdect: Android malware detection based on parallel machine learning and information fusion. Security and Communication Networks, 2017: 6451260. https://doi.org/10.1155/2017/6451260   [Google Scholar]
  31. Wang Z, Yan W, and Oates T (2017b). Time series classification from scratch with deep neural networks: A strong baseline. In the 2017 International Joint Conference on Neural Networks (IJCNN), IEEE, Anchorage, USA: 1578–1585. https://doi.org/10.1109/IJCNN.2017.7966039   [Google Scholar]
  32. Yarotsky D (2017). Error bounds for approximations with deep ReLU networks. Neural Networks, 94: 103–114. https://doi.org/10.1016/j.neunet.2017.07.002   [Google Scholar] PMid:28756334
  33. Yeboah PN and Baz Musah H (2022). NLP technique for malware detection using 1D CNN fusion model. Security and Communication Networks, 2022: 2957203. https://doi.org/10.1155/2022/2957203   [Google Scholar]
  34. Zheng Z, Chen Z, Hu F, Zhu J, Tang Q, and Liang Y (2020). An automatic diagnosis of arrhythmias using a combination of CNN and LSTM technology. Electronics, 9(1): 121. https://doi.org/10.3390/electronics9010121   [Google Scholar]
  35. Zhou QM, Zhe L, Brooke RJ, Hudson MM, and Yuan Y (2021). A relationship between the incremental values of area under the ROC curve and of area under the precision-recall curve. Diagnostic and Prognostic Research, 5: 13. https://doi.org/10.1186/s41512-021-00102-w   [Google Scholar] PMid:34261544 PMCid:PMC8278775
  36. Zhou Y and Jiang X (2012). Dissecting Android malware: Characterization and evolution. In the 2012 IEEE symposium on security and privacy, IEEE, San Francisco, USA: 95–109. https://doi.org/10.1109/SP.2012.16   [Google Scholar]