Evolving the Architecture and Hyperparameters of DNNs for Malware Detection

Deep Learning models have consistently provided excellent results in highly complex domains. Their deep, layered architecture makes it possible to tackle problems where classical machine learning approaches fail or simply cannot provide good enough solutions. However, these deep models usually involve a complex topology and hyperparameters that have to be carefully defined, typically through a grid search, in order to reach the most profitable configuration. Neuroevolution is a well-suited instrument for performing an evolutionary search for this configuration. By evolving the hyperparameters (activation functions, initialisation methods and optimiser) and the topology of the network (number and type of layers and the number of units), it is possible to explore the space of solutions in depth in order to find the most suitable architecture. Among the multiple applications of this approach, in this chapter we focus on the Android malware detection problem. This domain, which has led to a large amount of research in the last decade, presents interesting characteristics which make Neuroevolution a logical approach for determining the architecture that best discerns between malicious and benign applications. In this research, we leverage a modification of EvoDeep, a framework for the evolution of valid sequences of deep layers, to implement this evolutionary search by means of a genetic algorithm. To assess the approach, we use the OmniDroid dataset, a large set of static and dynamic features extracted from 22,000 malicious and benign Android applications. The results show that applying a Neuroevolution-based strategy produces Deep Learning models with high accuracy rates, greater than those obtained with classical machine learning approaches.
