Niall McLaughlin
Ziming Zhao
ABSTRACT
In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.
- Baksmali. https://github.com/JesusFreke/smali. Accessed: 2015-02--15.Google Scholar
- Dalvik bytecode. https://source.android.com/devices/tech/dalvik/dalvik-bytecode.html. Accessed: 2015-02-01.Google Scholar
- RMSProp. www.cs.toronto.edu/~tijmen/csc321/slides/lecture_slides_lec6.pdf. Slide 29.Google Scholar
- Torch. http://torch.ch/.Google Scholar
- D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck. Drebin: Effective and explainable detection of android malware in your pocket. In NDSS, 2014.Google ScholarCross Ref
- C. M. Bishop. Neural networks for pattern recognition. Oxford university press, 1995. Google ScholarDigital Library
- G. Canfora, F. Mercaldo, and C. A. Visaggio. Mobile malware detection using op-code frequency histograms. In Proc.of Int. Conf. on Security and Cryptography (SECRYPT), 2015.Google ScholarDigital Library
- G. E. Dahl, J. W. Stokes, L. Deng, and D. Yu. Large-scale malware classification using random projections and neural networks. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE Int. Conf. on, pages 3422--3426, 2013.Google ScholarCross Ref
- O. E. David and N. S. Netanyahu. Deepsign: Deep learning for automatic malware signature generation and classification. In Neural Networks (IJCNN), 2015 Int. Joint Conf. on, pages 1--8, 2015.Google ScholarCross Ref
- Q. Jerome, K. Allix, R. State, and T. Engel. Using opcode-sequences to detect malicious android applications. In Communications (ICC), 2014 IEEE Int. Conf. on, pages 914--919, 2014.Google ScholarCross Ref
- B. Kang, B. Kang, J. Kim, and E. G. Im. Android malware classification method: Dalvik bytecode frequency analysis. In Proc. of the 2013 Research in Adaptive and Convergent Systems, pages 349--350, 2013. Google ScholarDigital Library
- Y. Kim. Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882, 2014.Google Scholar
- S. Liang and X. Du. Permission-combination-based scheme for android mobile malware detection. In Communications (ICC), 2014 IEEE Int. Conf. on, pages 2301--2306, 2014.Google ScholarCross Ref
- X. Liu and J. Liu. A two-layered permission-based android malware detection scheme. In Mobile Cloud Computing, Services and Engineering (MobileCloud), 2014 2nd IEEE Int. Conf. on, pages 142--148, 2014. Google ScholarDigital Library
- R. Pascanu, J. W. Stokes, H. Sanossian, M. Marinescu, and A. Thomas. Malware classification with recurrent networks. In Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE Int. Conf. on, pages 1916--1920, 2015.Google ScholarCross Ref
- B. Sanz, I. Santos, C. Laorden, X. Ugarte-Pedrero, P. G. Bringas, and G. Álvarez. Puma: Permission usage to detect malware in android. In Int. Joint Conf. CISIS'12-ICEUTE'12-SOCO'12, pages 289--298, 2013.Google ScholarCross Ref
- J. Saxe and K. Berlin. Deep neural network based malware detection using two dimensional binary program features. In 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), pages 11--20, Oct 2015. Google ScholarDigital Library
- A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss. "andromaly": a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 38(1):161--190, 2012. Google ScholarDigital Library
- A. Sharma and S. K. Dash. Mining api calls and permissions for android malware detection. In Cryptology and Network Security, pages 191--205. 2014. Google ScholarDigital Library
- K. Simonyan and A. Zisserman. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556, 2014.Google Scholar
- X. Su, M. C. Chuah, and G. Tan. Smartphone dual defense protection framework: Detecting malicious applications in android markets. In Mobile Ad-hoc and Sensor Networks (MSN), 2012 Eighth Int. Conf. on, pages 153--160, 2012. Google ScholarDigital Library
- D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu. Droidmat: Android malware detection through manifest and api calls tracing. In Information Security (Asia JCIS), 2012 7th Asia Joint Conf. on, pages 62--69, 2012. Google ScholarDigital Library
- S. Y. Yerima, S. Sezer, G. McWilliams, and I. Muttik. A new android malware detection approach using bayesian classification. In Advanced Information Networking and Applications (AINA), 2013 IEEE 27th Int.l Conf. on, pages 121--128, 2013. Google ScholarDigital Library
- S. Y. Yerima, S. Sezer, and I. Muttik. Android malware detection: An eigenspace analysis approach. In Science and Information Conference (SAI), 2015, pages 1236--1242, 2015.Google ScholarCross Ref
- S. Y. Yerima, S. Sezer, and I. Muttik. High accuracy android malware detection using ensemble learning. Information Security, IET, 9(6):313--320, 2015.Google Scholar
- X. Zhang, J. Zhao, and Y. LeCun. Character-level convolutional networks for text classification. In Advances in Neural Information Processing Systems, pages 649--657, 2015. Google ScholarDigital Library
- Y. Zhang and B. Wallace. A sensitivity analysis of (and practitioners' guide to) convolutional neural networks for sentence classification. arXiv preprint arXiv:1510.03820, 2015.Google Scholar
- Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symp. on, pages 95--109, 2012. Google ScholarDigital Library
Index Terms
- Deep Android Malware Detection
Recommendations
EfficientNet convolutional neural networks-based Android malware detection
AbstractOwing to the increasing number and complexity of malware threats, research on automated malware detection has become a hot topic in the field of network security. Traditional malware detection techniques require a lot of human ...
Visualization and deep-learning-based malware variant detection using OpCode-level features
AbstractMalicious software (malware) is a major threat to the systems and networks’ security. Although anti-malware products are used to protect systems and networks against malware attacks, obfuscated malware that is capable of evading ...
Highlights- Detecting newly obfuscated malware remained a major challenge.
- Semisupervised ...
A comprehensive survey on deep learning based malware detection techniques
AbstractRecent theoretical and practical studies have revealed that malware is one of the most harmful threats to the digital world. Malware mitigation techniques have evolved over the years to ensure security. Earlier, several classical ...
Comments