Learning to detect Android malware via opcode sequences

Abstract: A large number of Android malware samples can be deployed as variants of previously known samples. Consequently, securing the Android platform requires a classification system capable of supporting a large set of samples. Although a large set of variants demands scalability for automatic detection and classification, it also offers a significant advantage: a richer dataset for discovering underlying malicious activities and extracting representative features. Deep neural networks are built from a complex structure of layers whose parameters can be tuned and trained to improve classification metrics. Emerging parallel computing tools and processors reduce computation time. In this paper, we propose a deep learning Android malware detection method using features extracted from instruction call graphs. The presented method examines all possible execution paths, and the balanced dataset improves the deep neural network's learning of benign versus malicious execution paths. Since there is no publicly available model for Android malware detection, we train deep networks from scratch. We then apply a grid search to seek the optimal parameters of the network and to discover the combination of hyper-parameters that maximizes the statistical metric values. To validate the effectiveness of the proposed method, we evaluate it on a balanced dataset consisting of 24,650 malicious and 25,000 benign samples. We evaluate the deep network architecture with respect to different parameters and compare the statistical metric values, including runtime, against baseline classifiers. Our experimental results show that the presented malware detection method reaches 91.42% accuracy and 91.91% F-measure.
