A Dynamic DL-Driven Architecture to Combat Sophisticated Android Malware

The predominant Android operating system has captured enormous attention globally not only in smart phone industry but also for varied smart devices. The open architecture and application programming interfaces (APIs) while hosting third party applications has led to explosive growth of varied pervasive sophisticated Android malware production. In this study, we propose a robust, scalable and efficient Cuda-empowered multi-class malware detection technique leveraging Gated Recurrent Unit (GRU) to identify sophisticated Android malware. Experimentation of the proposed technique has been carried out using current state-of-the-art datasets of Android applications (i.e., Android Malware Dataset (AMD), Androzoo). Moreover, to rigorously evaluate the performance of the proposed technique, we have employed standard performance evaluation metrics (e.g., accuracy, precision, recall, F1-score etc.) and compared it with our constructed DL-driven architectures and benchmark algorithms. The GRU-based malware detection system outperforms with 98.99% detection accuracy for malware identification with a trivial trade off in speed efficiency.


I. INTRODUCTION
The evolution from traditional to smart devices has revolutionized the world. Currently, an exponential growth of smart devices has been witnessed both for personal and commercial use. According to a report published by Gartner [1], approximately 400 million smartphones were sold in 2019. By analysing smartphones popularity, stakeholders have also shown strong interest towards developing proprietary mobile operating systems (OS) [2]. Android being an open source and versatile platform is considered as a leading giant in the telecommunication industry and a de facto standard for various smart phone manufacturers. In 2019, Android is the most predominant OS; holding an approximately 74% of market shares around the globe in smart phone industry [3]. Additionally, apart from smart phones Android is also taking The associate editor coordinating the review of this manuscript and approving it for publication was Shadi Aljawarneh . over smart watches, tablets, televisions, digital boxes and so forth.
Due to the prevailing environment of Android, it is becoming a potential target for cyber adversaries. Malware developers are essentially motivated of crafting sophisticated malwares to exploit existing OS vulnerabilities [4], [5]. The term malware is a collection of malicious software variants intentionally designed (i.e., Viruses, Trojans, Spyware, Adware and Ransomware etc.) [6] to cause extensive damage to data and system as privilege escalation, information theft, remote control and privacy breach etc [7]. Sophisticated malware is highly impeccable and can simply throw the whole industry into chaos. Moreover, malware growth continues to increase by the fact that Android malware can immensely influence both enterprise and end-users. The literature is evident that malware can possibly get Android root access and is not traceable subsequently [8].
Cyber attackers manage to produce unprecedented levels of disruption such as exploitation of zero-day vulnerabilities leveraging diverse tools and tactics [4] to disrupt various systems. To reverse the effects of ever evolving cyber threats, the situation makes malware detection techniques worth studying and improving. Deep learning techniques can help tackle dynamic evolving malware in Android environment timely and efficiently [9], [10]. In this paper, we propose an efficient and scalable Deep Learning (DL) based malware detection scheme employing Gated Recurrent Unit (GRU) to comprehensively detect varied Android malware timely and efficiently.

A. CONTRIBUTIONS
The main contributions of the proposed study are manifold: • The authors propose a flexible, innovative and scalable DL-based detection mechanism leveraging Recurrent Neural Network (RNN), particularly Gated Recurrent Unit (GRU) to identify multi-class attacks effectively in Android environment.
• To comprehensively evaluate multi-class attacks and evolving malwares in Android, a current state-of-the-art publicly available android datasets (i.e., AMD, Androzoo) have been employed.
• Standard performance evaluation metrics (i.e., accuracy, precision, recall, F1-score etc.) have been used to thoroughly evaluate our proposed mechanism. Moreover, our proposed technique outperforms in terms of detection accuracy with a trivial trade-off in computational complexity.
• Furthermore, we also compare our proposed technique with our constructed other DL-driven algorithms (i.e., Long short-term memory, Convolutional Neural Network, and Deep Neural Network) and current benchmarks.

B. ORGANIZATION
The remaining paper is adjusted in the following way; section II shows the relevant literature. Section III is about the detailed architectural description of utilised algorithms. Section IV includes of a detailed overview of our proposed system (i.e., system design, dataset, and constructed algorithms). Section V discusses experimental results and our findings from evaluation. Finally, Section VI concludes the paper and defines future directions.

II. RELATED WORK
In recent work, researchers have proposed different malware detection framework to protect against ever evolving sophisticated malware in Android. In [11], millar et al. proposed Android malware detection framework leveraging Discriminative Adversarial Network (DAN) for classification of obfuscated and un-obfuscated applications as malicious or benign. Practical experimentation is performed on Drebin dataset and achieved 97% average detection accuracy. Lee et al. in [12], presented a malware identification scheme employing Gated Recurrent Unit (GRU) and Convolutional Neural Network (CNN). The experiment has been performed on about two million samples collected from VirusTotal and achieved detection accuracy of 97.7%. The study [13] implemented Deep Neural Network (DNN) architecture to classify malicious Android applications. An Android package kit (APK) based dataset for binary classification have been employed for evaluation for the proposed framework that achieves 95% detection accuracy. Alzaylaee et al. in [14], proposed a DL-Droid framework to detect malicious Android applications through using a input generation scheme for efficient code coverage and to improve performance. Features are extracted from Android applications and genuine API calls. The experiment is performed on total 31,125 Apk's, where 11,505 were malwares and 19,620 benign samples were taken from Intel-Security (McAfee Labs). The proposed framework acquires 95.2% detection accuracy. Additionally, in [15], the authors presented a malware detection framework using system calls while employing Long short-term memory (LSTM). The employed dataset (i.e., Drebin) contain 3567 Malicious and 3536 Benign applications and obtain detection accuracy of 93.7%. Moreover, real time automated framework has been developed in [16] to classify malicious and benign Android applications. The proposed Gated Recurrent Unit (GRU) based framework achieved detection accuracy of 91.42% utilizing Contagio malware dump dataset.
C. Hasegawa et al. proposed a lightweight malware identification technique leveraging Convolutional Neural Network (CNN) to analyse raw APK's in [17]. The dataset considered in this study contains 5000 malware and 2000 benign Android applications from AMD and Drebin dataset. The framework secures 97% of an average detection accuracy while employing a 10-fold cross validation technique. Using permissions and API call's, [18] proposed Deep Neural Network (DNN) to classify Android malicious applications. The framework outperforms with 97% detection accuracy on Drebin dataset. To detect Android sophisticated Malware, Karbab et al. presented a system called MalDozer [19] to determine malware sequence from raw data of different API calls. The proposed system employs Artificial Neural Network (ANN) and acquire 90% of detection accuracy. The utilized datasets for proposed framework are Malgenome-2015 with 1K samples, Drebin-2015 with 5.5K samples, MalDozer dataset with 20K samples. Moreover, 38k benign Android applications are downloaded from google play store. To convert the APK's binary data into images, the study presented the image texture-based classification mechanism in [20]. The technique utilizes Deep Belief Network (DBN) VOLUME 8, 2020 and extracts features like API calls, permissions and activities. The framework is experimented on Drebin dataset and the achieved results shows that image texture when combined with API calls gets 95.6% detection accuracy. In [21], Zhang et al. proposed DeepclassifyDroid that is based on Convolutional Neural Network (CNN) for Android malware detection. The dataset containing 5546 malicious and 5224 benign applications achieves 97.4% accuracy which also reveals lack in system performance and need of dataset with enough instances present. However, [22] establish a DDefender technique for malware identification using Deep Neural Network (DNN) for dynamic as well as static analysis. The dataset comprised of 4208 Android applications instances and achieved 95% detection accuracy which is not good enough for real time deployment of system. Li et al. in [23] implemented a malware identification system based on API calls and permission to design a Deep Belief Network (DBN). The proposed scheme considered Drebin dataset for experimentation and achieves 90% detection accuracy.
Moreover, Long short-term memory (LSTM) in [24] is employed for malware characterization in Android. The dataset containing 1738 records of Android applications that obtain 93.9% and 97.5% detection accuracy for dynamic and static analysis separately. The study [25] suggests Deep-Refiner malware identification framework likewise automates feature extraction process leveraging Long short-term memory (LSTM). Deep-Refiner considers dataset with 62,915 malware and 47,525 benign Android Apk's. The achieved detection accuracy of proposed technique is 97.74% that is still not adequate for real time deployment of the proposed framework. Consequently, Convolutional Neural Network (CNN) based Android malware detection system represents Android applications into RGB colour code is presented in [26]. The encoded image is passed as an input to CNN classifier for automation of feature extraction and execution process. The proposed approach achieved 97.25% detection accuracy for 829356 android application of leopard mobile Inc. The presented technique in [27] utilized diverse DL-based classifiers (i.e., CNN, RNN, DAE, DBN and LSTM) to efficiently detect Android malware by considering the requested permissions, components and filtered intents. For practical experimentation Drebin and Virus-share dataset achieves 93.6% detection accuracy for LSTM. To detect sophisticated malwares, [28] proposed multimodal Convolutional Neural Network (CNN) to reflect the properties of Android applications as malevolent or benign. Feature vector is extracted through similarity-based feature extraction method while using Permissions, API calls and so forth. The dataset comprises of 41260 applications (i.e., Virus-Share, Malgenome Project, Google Play App Store and Virus-Total) and achieved 98% detection accuracy.
Reference [29] presented the technique based on Natural Language processing (NLP) for Android malware analysis. The proposed system considers system call sequence as text file. The dataset contains 14231 applications in total from Android virtual device (AVD) system calls dataset and acquire an accuracy of 93.16%. Singh et al. presented the conventional machine learning and deep learning models in [30] for pervasive malware detection. Considered algorithms are Decision tree, Random forest, Gradient boosted trees, K-NN, Deep Neural Network (DNN) and SVM. However, SVM performs better having 97.16% of detection accuracy. The utilised dataset comprises of small number of instances (i.e., 494 applications). Additionally, [31] develop Auto-Droid (automatic Android malware detection) rather than depending on API call mentioned in manifest file, the technique used API calls of smali code at the kernel of Android OS. The model gets performance of 95.98% using Deep Belief Network (DBN) and Stacked Auto-Encoders (SAE) for newly unknown malware detection.
Reference [32] presented Deep Flow based Deep Belief Network (DBN) for malware identification based on data streams for malignant applications that differ from benign applications. The proposed system is executed for 3000 benign and 8000 malicious applications and obtains an accuracy of 95.05%. To explore the ability of Convolutional Neural Network (CNN) for malware detection through conversion of bytecode into text in [33]. The proposed framework has an edge to extract features automatically from raw data. The experiment performs on diverse datasets: Genome project and McAfee Labs dataset. The model achieves accuracy of 98% by utilizing Genome dataset and 87% accuracy for McAfee dataset. Adversary resistant technique developed in [34] that obstructs adversary from constructing adversarial samples. The DNN-based framework is experimented employing a dataset of 14,679 malware and 17,399 benign variants from MNIST CIFAR-10. The presented technique attain accuracy of 95.2% detection accuracy. The framework in [35] converts Android permissions into features leveraging LSTM layer and bag-of-words technique. Cyber Security Data Mining Competition (CDMC2016) dataset has been utilized and achieved 89.7% detection accuracy.
The given literature comparison (see Table 1) is quite evident that DL models are still in its commencement towards comprehensive evaluation of diverse multi-attacks in Android environment. Clearly, most of the existing mechanisms are devised for binary classification only. Further, this research came up with the idea of cuda-empowered GRU-based detection framework to extensively evaluate DL-models for the detection of sophisticated Android malware.

III. PRELIMINARIES
The basic architecture and explanation of the utilized varied DL-algorithms (i.e., Gated Recurrent Unit, Long short-term memory (LSTM), Convolutional Neural Network (CNN) and Deep Neural Network (DNN)) have been briefly explained.

A. GATED RECURRENT UNIT (GRU)
Gated Recurrent Unit (GRU), is a powerful variant of standard Recurrent Neural Network (RNN) and similar to an LSTM utilise the combined gating mechanism as a solution to short-term memory. The GRU has an internal mechanism  called gates that regulate and even circulate the flow of information. The gates help to learn the GRU cell which information is important to store or erase. Thus, the important information is passed further to make predictions. Forget gate and input gates are also joined together to design an update gate z t . The update gate is responsible for maintaining the amount of previous memory and new information to be hold.
x t is a current input vector and h t−1 is basically value calculated from previous adjacent layer. However, w z is learnable weight matrix for update gate.
GRU also combines current input with previous memory at reset gate r t . Moreover, r t is responsible for determining how exactly the equation combines previous state and new output.
Tanh is a hyperbolic tangent function. The output range for tanh is (−1,1). Moreover, h t is the calculated value for current cell.
The architecture of GRU is simple than standard RNN but proved to be performance and speed efficient. The basic architecture of GRU can be seen in Fig.1.

B. LONG SHORT-TERM MEMORY
Long short-term memory (LSTM) [36], a variant of Recurrent Neural Network (RNN) is an incredible classifier for temporal data mining and learning. LSTM model utilize extraordinary module known as constant error carousel (CEC) to spread constant error signal through time to learn long-term features and dependencies. Furthermore, through utilization of well-designed ''gate'' structure prevents backpropagated error. The internal values of CEC is decided by the ''gate'' state according to current information and previous flow to control the data steam and memory. One LSTM cell is comprised of three gates and two states named input gate, forget gate, output gate, hidden state and cell state respectively. Given an input sequence x = {x 1 + x 2 , . . . ., x t } where input gate, forget gate, and output gate in LSTM structure,  The f t gate decides how much information is to be kept in the cell. h t−1 is obtained output value from previous layer while x t is the current input vector. b f is referred as forget gate bias and W f is weight matrix.
After the decision of information to be kept, next step is to update cell state and it is achieved through input gate i t .
Tanh which is a hyperbolic tangent function, generates a vector of new candidate values, c t .
The current candidate value which decides to change the value is done through multiplication of old value and f t . Further, i t * c t is added to the equation.
Finally, a filtered output o t of the cell state is obtained as a final output.
For a typical LSTM cell, the sequence data is considered as an input to LSTM cell and hidden layers are fully connected to the input layer. The size of LSTM output layer depends upon to the number of classes to classify.

C. CONVOLUTIONAL NEURAL NETWORK
After achieving outstanding results in the fields of image recognition, speech recognition, computer vision, and natural language processing, Convolutional Neural Network is now prospering its roots in cyber security. CNN can learn the important features automatically compared to conventional feature selection algorithms. CNN [37] is considered as a sequence of interconnected processing components intended to transform the set of inputs to the set of required outputs in Fig.4. Input, output and hidden layers are main components of a CNN classifier. CNN performs multiple operations on the input data, which include convolution, pooling, flattening and padding, finally the network relates to a fully connected neural network.

D. DEEP NEURAL NETWORK
Deep Neural Network (DNN) [38] is recognised as standard Artificial Neural Network with multiple inter-connected layers between input and output layers. The DNN finds the correct mathematical calculation to convert the input into the output. The single layer of DNN contains several neurons where computations are performed. The node receives input, performs operations while utilizing stored weights, applies activation function and then finally pass the information to the next subsequent node until it reaches to a conclusion. Fig.5 depicts complete simplified overview of DNN. Fig.3 illustrates the simplified overview of the proposed graphical processing unit (GPU) empowered GRU-based deep learning scheme for detection of Android malware. The first Data Acquisition phase is structured to generate dataset which includes with code, manifest file and classes extraction from Android package kit (Apk) and the feature vector generation from manifest file. The data preprocessing phase is comprised of feature selection, data normalization, data transformation and label encoding to convert dataset into a classifiers acceptable format. In the model engineering phase DL-driven GPU-accelerated GRU model is employed for detection of ever evolving sophisticated cyber threats and attacks in Android ecosystem. Finally, the achieved results have been rigorously evaluated through standard performance evaluation metrics (e.g., Accuracy, Precision, Recall, F1-score, AU-ROC and etc).

A. DATA ACQUISITION
An Android APK includes with a manifest file named as AndroidManifest.xml. Manifest file contains metadata that supports the access privileges, installation and execution of  the Android packages. In the proposed methodology, Java code is structured to extract manifest file from an Android APK. For the extraction of useful information and feature vector generation from manifest file, python script has been written. The designed code extensively examines manifest file and extracts diverse features (i.e., permissions, API calls and filtered intents). The initial extracted features through python script includes with permissions like access to camera, GPS, Mic or touchscreen. Mostly malicious intended application asks to access those components which are not even required for any purpose or the functionality of the application.
Requested permissions are also considered important for Android malware detection system as they are granted to the application at installation time. We nearly accumulated one thousand distinct permissions that are used by various Android applications. An Android application is built upon four main components known as Activity, Service, Broadcast Receiver and Content provider. These four components are also considered as features of dataset. Intents are a message-passing mechanism within the application's components or with other connected applications. Filtered intents are also considered.

B. DATA PREPROCESSING
Data preprocessing refers to a process of all the transformations on raw data before input to an algorithm for efficient performance. Furthermore, it also reduces the complexity of the available resources in term of storage and time. Apk's of AMD and Androzoo are combined to generate dataset for our proposed Android malware detection. It satisfies every one of the criteria such as labelled dataset, complete manifest files features, malware diversity and heterogeneity. Through python script, around 19000 features were extracted but 150 most appearing features has been selected. To increase the effectiveness of malware detection system there is a need to shift all the feature values into the scaled version. For this, python Standard Scaler function is used to perform the normalization of the dataset. To reduce data redundancy and improve data integrity data transformation has been performed which remove duplicate, null and infinity values. The conversion of each value in a column to a number is also executed through label encoding.

C. MODEL ENGINEERING
The DL-driven GPU-empowered GRU is employed for detection of ever evolving sophisticated cyber threats and attacks in Android. An efficient, robust and scalable Android malware detection scheme have been implemented which detect multi-class malwares like Backdoor and Trojan. The complete design of the proposed benchmark GPU-empowered GRU classifier and other experimented architectures for performance evaluation (i.e., Layers, Neurons, Activation Functions, Loss Function, Optimizer, Batch Size, Epochs and Learning rate) are detailed in Table.2.

D. DATASET
The selection of current state of the art dataset plays a significant role in analysing the performance of a malware detection system. For malware detection, dataset comprised of 38842 APK's (i.e., 30831 benign APK's have been collected from Androzoo [39] and 8011 Malware APK's from Android Malware Dataset (AMD) [40]. AMD contains 10 diverse classes of malware (i.e., Backdoor, Trojan, Trojan-Banker, Trojan-clicker, Trojan-Dropper, Trojan-SMS, Trojan-Spy, Adware, HackerTool, Ransom) with 71 distinct malware families. For dataset, we merge 6 different classes of trojan into single trojan class. Thus, the complete distribution of dataset is across 3 different classes including Benign, Backdoor and Trojan which can also be seen in Fig.6.

V. EXPERIMENTAL SETUP, RESULTS AND DISCUSSION
The section provides complete overview of the experimental setup, standard performance evaluation metrics and results along with discussion.

A. EXPERIMENTAL SETUP
For the experimental setup, the authors have employed Intel processor, Graphical Processing Unit (GPU) for hardware setup. Whereas, the proposed methodology is implemented using Keras for software implementation [41]. The python language is utilized for development of proposed methodology. Detailed hardware and software specifications can be seen in Table.3.

B. EVALUATION METRICS
For comprehensive performance evaluation of proposed malware detection model, we have employed standard evaluation metrics (i.e., accuracy, precision, recall, F1-score, and ROC curve). For a more thorough evaluation, we have also calculated extended evaluation metrics (i.e., True Negative Rate, (TNR), Matthews Correlation Coefficient (MCC), Negative Predictive Value (NPV), False Positive Rate (FPR), False Negative Rate (FNR), False Discovery Rate (FDR) and False Omission Rate (FOR). The detailed description of performance evaluation metrics can be seen in [42].
The True Positve, True Negative, False Positive and False Negative are described as: True Positive (TP) is equal to number of malicious records classified as malicious.
True Negative (TN) is equal to number of benign samples predicted as benign.
False Positive (FP) is equal to number of benign samples mis-classified as malicious one.
False Negative (FN) is equal to number of malicious records mis-classified as benign.

1) ACCURACY
Accuracy is the number to correctly predicted samples over total number of samples.

2) PRECISION
Precision is the ratio of malicious applications that are classified correctly, to the total number of all malicious applications.

3) RECALL
Recall is the number of correctly predicted values from total records for each class. Recall is also called True Positive Rate (TPR).

4) F1-SCORE
F1 score shows the correlation between recall and precision.

5) CONFUSION MATRIX
A confusion matrix is used to describe the overall performance of a classification model. Confusion Matrix is represented in either for binary or multi-class. The Confusion Matrix is useful to measure the values of accuracy, precision, recall and AUC-ROC curve.

6) AUC-ROC
AUC-ROC represents the degree of separability and mainly represents the performance of multi-class classification problems. This one of the most important evaluation metrics to distinguish between multiple classes. The Higher AUC, the model is good at predicting 0s as 0s, 1s as 1s. The plot of ROC curve is between TP rate and FP rate.

C. DISCUSSION
The Cuda-empowered GRU-based Android malware detection scheme is proposed for 3 diverse classes (i.e., benign, trojan and backdoor). For comprehensive performance evaluation, we compare the proposed technique with our constructed contemporary DL algorithms such as Long short-term memory (LSTM), Convolutional Neural Network (CNN) and Deep Neural Network (DNN). The confusion matrix in Fig.7 depicts the performance efficiency of our proposed technique for multi attack classification. The highly achieved values of True Positive (TP) and True Negative (TN) defines the performance of our system to be effectively utilized for ever-evolving sophisticated cyber threats and malware detection in Android.
To measure, how accurately the Android applications are classified as benign or malicious, detection accuracy, precision, recall and F1-score is also calculated and depicted in Fig.8. The proposed GPU-enabled GRU-based malware detection technique achieves 98.96% detection accuracy, 99.38% precision, 99.31% recall and 99.35% F1-score for malware classification. However, DNN accomplished 99.59% precision value which is higher than our proposed model is due to less number of records and less complex architecture. classified the relevant instances more correctly.   Our proposed technique is overall achieving high performance compared to other constructed classifiers. To rigorously evaluate the proposed model, True Negative Rate (TNR), Matthews Correlation Coefficient (MCC) and Negative predicted values (NPV) are also calculated. our proposed mechanism achieves 97.34%, 96.92%, 97.60% for TNR, MCC and NPV as presented in Fig.9. The proposed mechanism clearly outperforms the rest of the classifiers.
Moreover, False Negative Rate (FNR), False Positive Rate (FPR), False Omission Rate (FOR) and False Discovery Rate (FDR) are fundamentally determined to show the classifier execution for mischaracterization of instances. The proposed GRU-based malware detection solution accomplished 0.68%, 0.63%, 2.4% and 0.68% for FDR, FNR, FOR and FPR respectively as shown in Fig.10. Results for FDR, FOR, FNR and FPR clearly show great performance of our proposed architecture.
The AU-ROC illustrates the relationship between True Positive Rate (TPR) and False Positive Rate (TNR). The area under the curve shows robust performance of the proposed technique as shown in Fig.11. AU-ROC's clearly demonstrates the reliable performance of our proposed technique.  The time efficiency of our proposed technique is defined in Fig.12. The proposed GRU model took 1005 (milliseconds) almost equal to 1 second for 7560 instances in testing VOLUME 8, 2020   phase. The GRU is clearly showing a trivial trade off of speed efficiency with other compared algorithms. Though, the speed efficiency of GRU is not very promising, however; there is a room for improvement in terms of time complexity. Our future work plans to improve the speed efficiency of the proposed algorithm.
Consequently, the proposed technique is also compared with current benchmarks. The comprehensive comparison of GRU-based technique with current state of the art is shown in Table.4. The achieved values evidently show the outperformance of our proposed mechanism for Android malware detection.

VI. CONCLUSION
Increasing demand of open and prevalent environment of Android OS not only revolutionized the digital landscape but also bring novel sophisticated cyber security vulnerabilities, threats and attacks. To tackle sophisticated multi-class malware threats and attacks, we propose a robust, scalable and efficient DL-based Android malware detection technique. The proposed mechanism has been thoroughly evaluated with standard performance metrics and compared extensively with current benchmarks and our constructed contemporary DL-driven algorithms. The proposed scheme outperforms in terms of high detection accuracy that means accurately identifying prevalent varied Android malwares. The efficient and timely detection of the proposed technique can remarkably help for subsequent mitigation and prevention of attacks. Finally, we endorse varied deep learning architectures to find a promising solution to combat novel and emerging sophisticated Android malwares.
IRAM BIBI received the B.S. degree (Hons.) in software engineering from the National University of Modern Languages (NUML), Islamabad, Pakistan, in 2017, and the Master of Science degree in information security from COMSATS University, Islamabad, in 2020. She is currently working with ProSanct, for one year, as a Research Assistant. Her research interests include analysis and detection of network based cyber threat and attacks for Android, the Internet of Things, and software defined networking. VOLUME 8, 2020 ADNAN AKHUNZADA is an enthusiastic and dedicated professional with extensive 12 years of Research and Development experience in ICT industry and academia, with demonstrated history and a proven track record of high impact published research (i.e., Patents, Journals, Transactions, Commercial Products, Book chapters, Reputable Magazines, Conferences, and Conference Proceedings). His experience as an Educator and a Researcher is diverse. It includes work as a Lecturer, a Senior Lecturer, a year Tutor, an Occasional Lecturer at other engineering departments, as an Assistant Professor with COMSATS University Islamabad (CUI), a Senior Researcher with RISE SICs, Vasteras, AB, Sweden, as a Research Fellow and the Scientific Lead at DTU Compute, The Technical University of Denmark (DTU), and a Visiting Professor having mentorship of graduate students, and supervision of academic and Research and Development projects at UG and PG level. He has also been involved in international accreditation such as Accreditation Board for Engineering and Technology (ABET), and curriculum development according to the guidelines of ACM/IEEE. He is currently involved in various EU and Swedish funded projects of cyber security. His main research interests include cyber security, machine learning, deep learning, reinforcement learning, artificial intelligence, blockchain and data mining, information systems, large scale distributed systems (i.e., edge, fog, and cloud, SDNs), the IoT, Industry 4.0, and the Internet of Everything (IoE). He is a member of the technical programme committee of varied reputable conferences and editorial boards. He has been serving as an Associate Editor for IEEE ACCESS.
JAHANZAIB MALIK received the B.S. degree (Hons.) in software engineering from the National University of Modern Languages, Islamabad, Pakistan, and the M.Sc. degree in information security from COMSATS University, Islamabad. He is currently a Researcher with the National Cyber Security Auditing and Evaluation Laboratory (NCSAEL), National University of Science and Technology (NUST), Islamabad. His research interests include software defined networking, smart devices security, threat detection and intelligence, malware analysis and detection, application of deep learning and machine learning in cyber defense, distributed computing, and big data.