Identifying Malicious Software Using Deep Residual Long-Short Term Memory

The use of smartphone applications based on the Android OS platform is rapidly growing among smartphone users. However, malicious apps for Android are being developed to perform attacks, such as destroying operating systems, stealing confidential data, gathering personal information, and hijacking or encrypting sensitive data. Several malware detection systems based on machine learning have been developed and deployed to extract a variety of features to prevent such attacks. However, new efficient detection methods are needed to extract complex features and hidden structures from malicious apps to detect malware. This paper proposes a novel framework, namely, MalResLSTM, based on deep residual long short-term memory to identify and classify malware variants. The framework imposes a set of constraints on the deep learning architecture to capture dependencies between the extracted features from the Android package kit (APK) file. These feature sets are mapped to a vector space to process the input sequence using a sequence model based on the residual LSTM network. To evaluate the performance of the proposed framework, several experiments are conducted on the Drebin dataset, which contains 129,013 applications. The results demonstrate that MalResLSTM can achieve a 99.32% detection accuracy and outperforms previous algorithms. An extensive experimental analysis was conducted, which included machine-learning-based algorithms and a variety of deep learning-based algorithms, to evaluate the efficiency and robustness of our proposed framework.
