ABSTRACT
Because of the explosive growth of Android malware and the severity of the damage it causes, the detection of Android malware has become an increasingly important topic in cybersecurity. Currently, the major defense against Android malware is commercial mobile security products, which mainly use signature-based methods for detection. However, attackers can easily devise methods, such as obfuscation and repackaging, to evade such detection, which calls for new defensive techniques that are harder to evade. In this paper, resting on the analysis of Application Programming Interface (API) calls extracted from the smali files, we further group the API calls that belong to the same method in the smali code into a block. Based on the generated API call blocks, we then explore deep neural networks (i.e., Deep Belief Network (DBN) and Stacked AutoEncoders (SAEs)) for the detection of newly unknown Android malware. Using a real sample collection from Comodo Cloud Security Center, a comprehensive experimental study is performed to compare various malware detection approaches. The experimental results demonstrate that (1) our proposed feature extraction method (i.e., using API call blocks) outperforms using API calls directly in Android malware detection; (2) DBN works better than SAEs in this application; and (3) the detection performance of deep neural networks is better than that of shallow learning architectures.
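As an added illustration of the feature extraction the abstract describes (this code is not from the paper), the following Python groups the platform API calls found inside each smali method into one block and turns an app's blocks into a binary feature vector that a DBN or SAE could consume. The abridged smali excerpt, the platform-prefix filter and the binary block encoding are constructed assumptions, not details taken from the paper.

```python
import re

# Constructed, abridged smali excerpt (written for this example, not taken from the paper):
# one method reads a device identifier, the other opens an HTTP connection.
SAMPLE_SMALI = """\
.method public collect(Landroid/content/Context;)Ljava/lang/String;
    const-string v0, "phone"
    invoke-virtual {p1, v0}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v1
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
.method public static send(Ljava/lang/String;)V
    invoke-static {p0}, Lcom/example/Util;->encode(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v1
    new-instance v0, Ljava/net/URL;
    invoke-direct {v0, v1}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
    invoke-virtual {v0}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
    return-void
.end method
"""

METHOD_RE = re.compile(r"^\.method\s+(?:[a-z\-]+\s+)*([^\s(]+)\(")
INVOKE_RE = re.compile(r"^\s*invoke-\S+\s+\{[^}]*\},\s*(L[^;]+;)->([^(]+)\(")
# Keep only platform API calls; app-internal helpers are dropped (assumed filter, not specified in the abstract).
API_PREFIXES = ("Landroid/", "Ljava/", "Ljavax/", "Ldalvik/")

def extract_api_blocks(smali_text):
    """Group the API calls inside each smali method into one ordered block.
    Returns [(method_name, [Class;->method, ...])]; methods without API calls yield no block."""
    blocks, current, calls = [], None, []
    for line in smali_text.splitlines():
        m = METHOD_RE.match(line)
        inv = INVOKE_RE.match(line)
        if m:
            current, calls = m.group(1), []
        elif line.strip().startswith(".end method"):
            if current and calls:
                blocks.append((current, calls))
            current, calls = None, []
        elif inv and current and inv.group(1).startswith(API_PREFIXES):
            calls.append(f"{inv.group(1)}->{inv.group(2)}")
    return blocks

def vectorize(blocks, vocab):
    """Binary feature vector over a block vocabulary (list of API-call tuples built from the training set)."""
    present = {tuple(calls) for _, calls in blocks}
    return [1 if block in present else 0 for block in vocab]
```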