[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3837/tiis.2019.04.025

DroidVecDeep: Android Malware Detection Based on Word2Vec and Deep Belief Network

Chen, Tieming (College of Computer Science, Zhejiang University of Technology)
Mao, Qingyu (College of Computer Science, Zhejiang University of Technology)
Lv, Mingqi (College of Computer Science, Zhejiang University of Technology)
Cheng, Hongbing (College of Computer Science, Zhejiang University of Technology)
Li, Yinglong (College of Computer Science, Zhejiang University of Technology)

Publication Information

KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.4, 2019 , pp. 2180-2197 More about this Journal

Abstract

With the proliferation of the Android malicious applications, malware becomes more capable of hiding or confusing its malicious intent through the use of code obfuscation, which has significantly weaken the effectiveness of the conventional defense mechanisms. Therefore, in order to effectively detect unknown malicious applications on the Android platform, we propose DroidVecDeep, an Android malware detection method using deep learning technique. First, we extract various features and rank them using Mean Decrease Impurity. Second, we transform the features into compact vectors based on word2vec. Finally, we train the classifier based on deep learning model. A comprehensive experimental study on a real sample collection was performed to compare various malware detection approaches. Experimental results demonstrate that the proposed method outperforms other Android malware detection techniques.

Keywords

Android security; malware detection; deep learning; distributed representation; word2vec;

Citations & Related Records

Times Cited By KSCI : 1 (Citation Analysis)

Reference
Cited By KSCI

1	Y. Luan, S. Watanabe, and B. Harsham, "Efficient learning for spoken language understanding tasks with word embedding based pre-training," in Proc. of Sixteenth Annual Conference of the International Speech Communication Association, pp. 1398-1402, 2015.
2	E. Raff, J. Sylvester, and C. Nicholas, " Learning the PE Header, Malware Detection with Minimal Domain Knowledge," in Proc. of the 10th ACM Workshop on Artificial Intelligence and Security, ACM, pp. 121-132, 2017.
3	E. B. Karbab, M. Debbabi, A. Derhab, and D. Mouheb, "Android Malware Detection using Deep Learning on API Method Sequences," 2017.
4	S. Hou, A. Saas, L. Chen, and Y. Ye, "Deep4maldroid: A deep learning framework for android malware detection based on linux kernel system call graphs," in Proc. of 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW), IEEE, pp. 104-111, 2016.
5	Z. Yuan, Y. Lu, and Y. Xue, "Droiddetector: android malware characterization and detection using deep learning," Tsinghua Science and Technology, vol. 21, pp. 114-123, 2016. DOI
6	X. Su, D. Zhang, W. Li, and K. Zhao, "A deep learning approach to android malware feature learning and detection," in Proc. of Trustcom/BigDataSE/I SPA, 2016 IEEE, IEEE, pp. 244-251, 2016.
7	VirusTotal.
8	Contagio Mobile Malware Mini Dump.
9	APKPure.
10	360 market.
11	Apktool.
12	G. Louppe, L. Wehenkel, A. Sutera, and P. Geurts, "Understanding variable importances in forests of randomized trees," in Proc. of Advances in neural information processing systems, pp. 431-439, 2013.
13	IDC: Smartphone OS Market Share. https://www.idc.com/promo/smartphone-market-share/os.
14	2017 Special Report on Android Malware. http://blogs.360.cn/360mobile/2018/03/01/review_Android_malware_of_2017/.
15	A. Shabtai, Y. Fledel, U. Kanonov et al., "Google android:a state-of-the-art review of security mechanisms," 2009.
16	A. Feizollah, N. B. Anuar, R. Salleh, and A. W. A. Wahab, "A review on feature selection in mobile malware detection," Digital investigation, vol. 13, pp. 22-37, 2015. DOI
17	Q. Le, and T. Mikolov, "Distributed representations of sentences and documents," in Proc. of International Conference on Machine Learning, pp. 1188-1196, 2014.
18	A.P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proc. of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, ACM, pp. 3-14, 2011.
19	H. J. Zhu, Z. H. You, Z. X. Zhu, W. L. Shi, X. Chen, and L. Cheng, "DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model," Neurocomputing, vol. 272, pp. 638-646, 2018. DOI
20	J. Li, L. Sun, Q. Yan, Z. Li, W. Srisa-an, and H. Ye, "Significant Permission Identification for Machine Learning Based Android Malware Detection," IEEE Transactions on Industrial Informatics, vol. 14, no. 7, pp. 3216-3225, 2018. DOI
21	J. Saxe, and K. Berlin, "Deep neural network based malware detection using two dimensional binary program features," in Proc. of Malicious and Unwanted Software (MALWARE), 2015 10th International Conference on, IEEE, pp. 11-20, 2015.
22	G. E. Hinton, S. Osindero, and Y. W. The, "A fast learning algorithm for deep belief nets," Neural computation, vol. 18, no. 7, pp. 1527-1554, 2006. DOI
23	deep-belief-network.
24	Y. Shao, J. Ott, Y. J. Jia, Z. Qian, and Z. M. Mao, "The misuse of android unix domain sockets and security implications," in Proc. of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ACM, pp. 80-91, 2016.
25	Suarez-Tangil, G., S.K. Dash, M. Ahmadi, J. Kinder, G. Giacinto, and L.Cavallaro, "DroidSieve: Fast and accurate classification of obfuscated android malware," in Proc. of the Seventh ACM on Conference on Data and Application Security and Privacy, ACM, pp. 309-320, 2017.
26	C. Wang, Z. Li, X. Mo, H. Yang, and Y. Zhao, "An android malware dynamic detection method based on service call co-occurrence matrices," Annals of Telecommunications, vol. 72, pp. 607-615, 2017. DOI
27	Y. Xu, C. Wu, K. Zheng, X. Niu, and T. Lu, "Feature Selection to Mine Joint Features from High-dimension Space for Android Malware Detection," KSII Transactions on Internet & Information Systems, vol. 11, no. 9, pp.4658-4679, 2017. DOI
28	T. Chen, X. Zhang, S. Jin, and O. Kim, "Efficient classification using parallel and scalable compressed model and its application on intrusion detection," Expert Systems with Applications, vol. 41, pp. 5972-5983, 2014. DOI
29	D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck, "Drebin: Effective and Explainable Detection of Android Malware in Your Pocket," in Proc. of 21st Annual Network and Distributed System Security Symposium (NDSS'14), pp. 1-15, San Diego, CA, USA, February 2014.
30	T. Chen, Y. Yang et al., "Maldetect: An Android Malware Detection System Based on Abstraction of Dalvik Instructions," Journal of Computer Research and Development,vol. 53, pp. 2299-2306, 2016.( in Chinese)
31	K. Zhao, D. Zhang, X. Su, and W. Li, "Fest: A feature extraction and selection tool for Android malware detection," in Proc. of Computers and Communication (ISCC), 2015 IEEE Symposium on, IEEE, pp. 714-720, 2015.
32	S. Hou, Y. Ye, Y. Song, and M. Abdulhayoglu, "Hindroid: An intelligent android malware detection system based on structured heterogeneous information network," in Proc. of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ACM, pp. 1507-1515, 2017.