Evaluating Deep Learning Classification Reliability in Android Malware Family Detection

Artificial intelligence techniques are now widely used for a great number of classification tasks. One of the biggest controversies regarding their adoption is their use as a “black box”, i.e., the security analyst must trust the prediction without being able to understand why the classifier made a certain choice. In this paper we propose a malware family detector based on deep learning, together with a mechanism for assessing prediction reliability. The proposed method obtains an accuracy of 0.98 in Android malware family identification. Moreover, we show how the proposed method can help the security analyst interpret the output classification and verify the prediction reliability by exploiting activation maps.
