ABSTRACT
With the popularity of Android mobile devices and the growing number of related applications, hackers regard the platform as the primary attack target. Malware detection is therefore essential, and many studies in this area employ deep learning techniques. The attention mechanism, which assigns attention weights to different hidden states, has in recent years been widely used in many fields, such as machine translation and image markup. However, no research has applied the attention mechanism to Android malware analysis. Hence, this paper performs malware family classification based on the static features of Android applications. We compare the original convolutional neural network (CNN) with a CNN to which the attention mechanism has been added. The final experimental results show that the attention mechanism improves the accuracy of the existing CNN model by 1.99% on static opcode images. In addition, we adopt the occlusion sensitivity method to try to explain the classification model proposed in this paper. Finally, the experimental results of model interpretation show that the classification model can effectively identify the threat behavior of malware.
Index Terms
- A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation