research-article
Authors: Stuart Millar, Niall McLaughlin, Jesus Martinez del Rincon, Paul Miller, and Ziming Zhao
CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy
March 2020
Pages 353 - 364
Published: 16 March 2020
Abstract
We present DANdroid, a novel Android malware detection model using a deep learning Discriminative Adversarial Network (DAN) that classifies both obfuscated and unobfuscated apps as either malicious or benign. Our method, which we empirically demonstrate is robust against a selection of four prevalent and real-world obfuscation techniques, makes three contributions. Firstly, an innovative application of discriminative adversarial learning results in malware feature representations with a strong degree of resilience to the four obfuscation techniques. Secondly, three feature sets (raw opcodes, permissions and API calls) are combined in a multi-view deep learning architecture to increase this obfuscation resilience. Thirdly, we demonstrate the potential of our model to generalize over rare and future obfuscation methods not seen in training. With an overall dataset of 68,880 obfuscated and unobfuscated malicious and benign samples, our multi-view DAN model achieves an average F-score of 0.973 that compares favourably with the state-of-the-art, despite being exposed to the selected obfuscation methods applied both individually and in combination.
Index Terms
DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection
Computing methodologies
Machine learning
Learning paradigms
Multi-task learning
Machine learning approaches
Neural networks
Security and privacy
Intrusion/anomaly detection and malware mitigation
Malware and its mitigation
Published In
CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy
March 2020
392 pages
ISBN:9781450371070
DOI:10.1145/3374664
General Chairs:
- Vassil Roussev, University of New Orleans, USA
- Bhavani Thuraisingham, University of Texas at Dallas, USA
Program Chairs:
- Barbara Carminati, University of Insubria, Italy
- Murat Kantarcioglu, University of Texas at Dallas, USA
Copyright © 2020 ACM.
Sponsors
- SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
Association for Computing Machinery
New York, NY, United States
Author Tags
- android malware detection
- convolutional neural networks
- deep learning
- obfuscation
Qualifiers
- Research-article
Conference
CODASPY '20
Sponsor:
- SIGSAC
CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy
March 16 - 18, 2020
New Orleans, LA, USA
Acceptance Rates
Overall Acceptance Rate 149 of 789 submissions, 19%
Cited By
- Abdullah K, Hadi A (2024). Exploring the Effectiveness of Machine and Deep Learning Techniques for Android Malware Detection. Journal of Image Processing and Intelligent Remote Sensing, pp. 1-10. DOI: 10.55529/jipirs.42.1.10. Online publication date: 1-Feb-2024
- Siddiqui S, Khan T (2024). An Overview of Techniques for Obfuscated Android Malware Detection. SN Computer Science, 5:4. DOI: 10.1007/s42979-024-02637-3. Online publication date: 16-Mar-2024
- Rai A, Im E (2024). Multi-NetDroid: Multi-layer Perceptron Neural Network for Android Malware Detection. Ubiquitous Security, pp. 219-235. DOI: 10.1007/978-981-97-1274-8_15. Online publication date: 13-Mar-2024
- Chopra R, Acharya S, Rawat U, Bhatnagar R (2023). An Energy Efficient, Robust, Sustainable, and Low Computational Cost Method for Mobile Malware Detection. Applied Computational Intelligence and Soft Computing, 2023. DOI: 10.1155/2023/2029064. Online publication date: 1-Jan-2023
- Arya M, Arya S, Arya S (2023). An Evaluation of Real-time Malware Detection in IoT Devices: Comparison of Machine Learning Algorithms with RapidMiner. 2023 IEEE International Conference on Electro Information Technology (eIT), pp. 077-082. DOI: 10.1109/eIT57321.2023.10187265. Online publication date: 18-May-2023
- Gao C, Cai M, Yin S, Huang G, Li H, Yuan W, Luo X (2023). Obfuscation-Resilient Android Malware Analysis Based on Complementary Features. IEEE Transactions on Information Forensics and Security, 18, pp. 5056-5068. DOI: 10.1109/TIFS.2023.3302509. Online publication date: 1-Jan-2023
- Singh V, Kumar L, Patel A, Krishna A (2023). An Empirical Framework for Malware Prediction Using Multi-Layer Perceptron. 2023 OITS International Conference on Information Technology (OCIT), pp. 485-490. DOI: 10.1109/OCIT59427.2023.10430935. Online publication date: 13-Dec-2023
- Buriya S, Sharma N (2023). Malware Detection Using 1d Convolution with Batch Normalization and L2 Regularization for Android. 2023 International Conference on System, Computation, Automation and Networking (ICSCAN), pp. 1-6. DOI: 10.1109/ICSCAN58655.2023.10395472. Online publication date: 17-Nov-2023
- Asif M, Asif S, Mubarik I, Hussain R (2022). Malicious Applications Detection in Android Using Machine Learning. International Journal of Artificial Intelligence and Machine Learning, 2:2, pp. 21-34. DOI: 10.51483/IJAIML.2.2.2022.21-34. Online publication date: 5-Jul-2022
- Lee D, Jeon G, Lee S, Cho H (2022). Deobfuscating Mobile Malware for Identifying Concealed Behaviors. Computers, Materials & Continua, 72:3, pp. 5909-5923. DOI: 10.32604/cmc.2022.026395. Online publication date: 2022