Evolving the Architecture and Hyperparameters of DNNs for Malware Detection

Chapter in: Deep Neural Evolution

Part of the book series: Natural Computing Series (NCS)

Abstract

Deep Learning models have consistently provided excellent results in highly complex domains. Their deep architecture of layers makes it possible to tackle problems where classical machine learning approaches fail or simply cannot provide good enough solutions. However, these deep models usually involve a complex topology and hyperparameters that have to be carefully defined, typically following a grid search, in order to reach the most profitable configuration. Neuroevolution presents a perfect instrument to perform an evolutionary search pursuing this configuration. By evolving the hyperparameters (activation functions, initialisation methods and optimiser) and the topology of the network (number and type of layers and the number of units), it is possible to explore the space of solutions in depth in order to find the most suitable architecture. Among the multiple applications of this approach, in this chapter we focus on the Android malware detection problem. This domain, which has led to a large amount of research in the last decade, presents interesting characteristics which make the application of Neuroevolution a logical approach to determining the architecture that best discerns between malicious and benign applications. In this research, we leverage a modification of EvoDeep, a framework for the evolution of valid sequences of deep layers, to implement this evolutionary search by means of a genetic algorithm. To assess the approach, we use the OmniDroid dataset, a large set of static and dynamic features extracted from 22,000 malicious and benign Android applications. The results show that applying a Neuroevolution-based strategy leads to Deep Learning models which provide high accuracy rates, greater than those obtained with classical machine learning approaches.

Notes

  1. https://github.com/alexMyG/AndroPyTool

  2. https://github.com/alexMyG/AndroPyTool

  3. https://github.com/pjlantz/droidbox

  4. https://keras.io

Acknowledgements

This work has been supported by several research grants: Spanish Ministry of Science and Education under TIN2014-56494-C4-4-P grant (DeepBio) and Comunidad Autónoma de Madrid under P2018/TCS-4566 grant (CYNAMON).

Corresponding author

Correspondence to Alejandro Martín.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Martín, A., Camacho, D. (2020). Evolving the Architecture and Hyperparameters of DNNs for Malware Detection. In: Iba, H., Noman, N. (eds) Deep Neural Evolution. Natural Computing Series. Springer, Singapore. https://doi.org/10.1007/978-981-15-3685-4_13

  • DOI: https://doi.org/10.1007/978-981-15-3685-4_13

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-3684-7

  • Online ISBN: 978-981-15-3685-4

  • eBook Packages: Computer Science, Computer Science (R0)
