DOI: 10.1145/3345768.3355915
research-article

A Transparent and Multimodal Malware Detection Method for Android Apps

Published: 25 November 2019

Abstract

While recent work has shown that deep learning methods can improve malware classification accuracy, their lack of transparency has restricted their application in anti-virus scan engines. Existing research has attempted to provide high-fidelity explanations of a model's decisions. However, current methods are not optimized for application security tasks, leading to poor performance in Android malware detection. In this paper, we propose a backtracking method that infers the suspicious features of an app to explain the reason for its classification. We also propose a malware detection model based on a fusion convolutional neural network that uses different types of features (e.g., permission, API, URL, etc.). To maximize the benefit of encompassing multiple feature types, our framework trains a sub-model for each feature type separately and merges them at the end of the system to obtain a comprehensive classification result. The experimental results show that the backtracking method significantly improves the fidelity level compared with existing methods. Furthermore, we compare the performance of the proposed framework with other existing works. Leveraging the backtracking method, our framework has better classification performance and significantly reduces detection time by 69% compared with prior approaches.



    Published In

    MSWIM '19: Proceedings of the 22nd International ACM Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems
    November 2019
    340 pages
    ISBN:9781450369046
    DOI:10.1145/3345768

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. android malware detection
    2. backtracking
    3. convolutional neural network
    4. transparency

    Qualifiers

    • Research-article

    Funding Sources

    • the Youth Star project of the Institute of Information Engineering, CAS
    • the National Natural Science Foundation of China
    • the National Key Research and Development Program of China

    Conference

    MSWiM '19

    Acceptance Rates

    Overall Acceptance Rate 398 of 1,577 submissions, 25%

    Article Metrics

    • Downloads (Last 12 months): 55
    • Downloads (Last 6 weeks): 2
    Reflects downloads up to 17 Jan 2025

    Cited By

    • (2024) A Novel Knowledge Search Structure for Android Malware Detection. IEEE Transactions on Services Computing (1-14). DOI: 10.1109/TSC.2024.3496333. Online publication date: 2024
    • (2024) A Systematic Literature Review of Multimodal Analysis Techniques for Malware Detection. 2024 5th International Conference on Smart Sensors and Application (ICSSA) (1-6). DOI: 10.1109/ICSSA62312.2024.10788667. Online publication date: 10-Sep-2024
    • (2024) AMN: Attention-based Multimodal Network for Android Malware Classification. 2024 IEEE International Conference on Cybernetics and Intelligent Systems (CIS) and IEEE International Conference on Robotics, Automation and Mechatronics (RAM) (7-13). DOI: 10.1109/CIS-RAM61939.2024.10672730. Online publication date: 8-Aug-2024
    • (2023) Android Malware Detection Methods Based on Convolutional Neural Network: A Survey. IEEE Transactions on Emerging Topics in Computational Intelligence 7:5 (1330-1350). DOI: 10.1109/TETCI.2023.3281833. Online publication date: Oct-2023
    • (2023) Generating Sparse Explanations for Malicious Android Opcode Sequences using Hierarchical LIME. Computers & Security (103637). DOI: 10.1016/j.cose.2023.103637. Online publication date: Dec-2023
    • (2023) Evaluating Rule-Based Global XAI Malware Detection Methods. Network and System Security (3-22). DOI: 10.1007/978-3-031-39828-5_1. Online publication date: 7-Aug-2023
    • (2023) A Survey of Android Malware Detection Based on Deep Learning. Machine Learning for Cyber Security (228-242). DOI: 10.1007/978-3-031-20096-0_18. Online publication date: 13-Jan-2023
    • (2022) A Deep Learning Method for Android Application Classification Using Semantic Features. Security and Communication Networks 2022. DOI: 10.1155/2022/1289175. Online publication date: 1-Jan-2022
    • (2022) Deep Learning for Android Malware Defenses: A Systematic Literature Review. ACM Computing Surveys 55:8 (1-36). DOI: 10.1145/3544968. Online publication date: 22-Jun-2022
    • (2022) Explainable Artificial Intelligence in CyberSecurity: A Survey. IEEE Access 10 (93575-93600). DOI: 10.1109/ACCESS.2022.3204171. Online publication date: 2022
