The dataset includes four major classes: Android_Adware, Android_Scareware, Android_SMS_Malware, and Benign samples. This imbalanced distribution reflects real-world scenarios and presents challenges for robust malware classification.
Analysis of network traffic characteristics shows flow rates from 0.5 to 2.0 packets per second (Pps) and byte rates from 0.0 to 1.8 bytes per second (B/s). These traffic patterns are essential features for distinguishing between benign and malicious network behaviors in Android applications.
Performance evaluation of three classification approaches:
- Dummy Classifier: Baseline performance (random guessing)
- Logistic Regression: Moderate performance with high False Positive Rate (69.6%)
- Optimized Pipeline: Excellent performance with:
  - Recall (TPR) = 92.8%
  - False Positive Rate = 0.4%
  - Demonstrating the effectiveness of our ensemble AI approach
The Random Forest model identifies these key network traffic features as most significant for Android malware detection:
- Flow IAT Max/Min - Maximum and minimum Inter-Arrival Times between packets
- Destination IP Decimal - Numerical representation of destination IP addresses
- Fwd IAT Metrics - Various forward direction inter-arrival time statistics
- Init_Win_bytes_forward - Initial window size in forward direction
- Source IP Decimal - Numerical representation of source IP addresses
These features primarily capture timing patterns and connection characteristics that differentiate malicious traffic from normal network behavior.
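
To make the ranked features concrete, the following added example (not code from the DeepSurf repository) derives them from one constructed flow. The CICFlowMeter-style definitions, the microsecond timestamps, and the exact names of the individual IAT columns are assumptions, since the page does not state how the dataset computes them.

```python
import ipaddress
from statistics import mean

# Constructed sample flow (not from the project's dataset). Each packet is
# (timestamp in microseconds, source IP, destination IP, TCP window in bytes).
SAMPLE_FLOW = [
    (0, "10.42.0.211", "203.0.113.5", 65535),
    (40_000, "203.0.113.5", "10.42.0.211", 42540),
    (50_000, "10.42.0.211", "203.0.113.5", 1369),
    (250_000, "10.42.0.211", "203.0.113.5", 1369),
    (1_250_000, "203.0.113.5", "10.42.0.211", 350),
]

def ip_to_decimal(ip):
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(ip))

def iat_stats(timestamps):
    """Max, min and mean gap between consecutive packets (0 if fewer than two)."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if not gaps:
        return {"max": 0, "min": 0, "mean": 0}
    return {"max": max(gaps), "min": min(gaps), "mean": mean(gaps)}

def flow_features(packets):
    """Compute the ranked features for one flow, using assumed definitions."""
    if not packets:
        raise ValueError("a flow needs at least one packet")
    packets = sorted(packets, key=lambda p: p[0])
    # Assumption: the first packet's sender defines the forward direction and
    # its TCP window is the initial forward window.
    _, src, dst, init_win = packets[0]
    flow = iat_stats([p[0] for p in packets])
    fwd = iat_stats([p[0] for p in packets if p[1] == src])
    return {
        "Source IP Decimal": ip_to_decimal(src),
        "Destination IP Decimal": ip_to_decimal(dst),
        "Flow IAT Max": flow["max"],
        "Flow IAT Min": flow["min"],
        "Fwd IAT Max": fwd["max"],
        "Fwd IAT Min": fwd["min"],
        "Fwd IAT Mean": fwd["mean"],
        "Init_Win_bytes_forward": init_win,
    }

if __name__ == "__main__":
    for name, value in flow_features(SAMPLE_FLOW).items():
        print(f"{name}: {value}")
```

The two IP features are simply the addresses written as integers, so they identify hosts in the capture rather than traffic behavior; a model that ranks them highly should be checked on traffic captured from other networks.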
The deployed web-based DeepSurf UI provides real-time malware classification with confidence scores and detailed analysis of network traffic patterns using our ensemble AI detection system.
```bash
# Clone the repository
git clone https://github.com/rashidraihan/DeepSurf-AI-powered-Android-Malware-Detection.git
cd DeepSurf-AI-powered-Android-Malware-Detection

# Create virtual environment
python -m venv deepsurf_env
source deepsurf_env/bin/activate  # On Windows: deepsurf_env\Scripts\activate

# Install dependencies
pip install -r requirements.txt
```

```bash
# Start the backend server
# --host 0.0.0.0 listens on all network interfaces; use 127.0.0.1 for local-only testing.
# --reload restarts the server on code changes and is a development option.
uvicorn app:app --host 0.0.0.0 --port 8000 --reload
```

Authors: Raihan Rashid, Dipta Karmaker
Affiliation: Department of ECE, North South University

```bash
# Run offline performance evaluation
python test_model.py
```

```
DeepSurf-AI-powered-Android-Malware-Detection/
├── app.py              # FastAPI backend for real-time predictions
├── streamlit_app.py    # Streamlit frontend UI
├── test_model.py       # Offline evaluation (accuracy, F1, F2, etc.)
├── models/             # Trained ensemble model artefacts
├── data/               # Preprocessed dataset
├── requirements.txt    # Python dependencies
└── README.md           # Project documentation
```
- 🤖 AI-Powered Detection - Ensemble machine learning models for robust classification
- 🌐 Web-Based Interface - Streamlit frontend for interactive malware analysis
- ⚡ Real-Time Inference - FastAPI backend for high-performance predictions
- 📊 Comprehensive Metrics - Accuracy, F1, F2, and confusion matrix analysis
- 🔍 Feature Importance - Interpretable AI with explainable feature rankings
- 📱 Android-Focused - Specialized for mobile malware detection
This project is part of an academic research paper in cybersecurity and machine learning.
For academic inquiries and collaboration opportunities:
© 2026 Raihan Rashid. All rights reserved.