Deep android malware detection

Niall McLaughlin, Jesus Martinez Del Rincon, Boo Joong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doupe, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

40 Citations (Scopus)

Abstract

In this paper, we propose a novel Android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence, thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Original language: English (US)
Title of host publication: CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 301-308
Number of pages: 8
ISBN (Electronic): 9781450345231
DOIs: https://doi.org/10.1145/3029806.3029823
State: Published - Mar 22 2017
Event: 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States
Duration: Mar 22 2017 to Mar 24 2017

Other

Other: 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Country: United States
City: Scottsdale
Period: 3/22/17 to 3/24/17

Fingerprint

Static analysis
Pipelines
Malware
Neural networks
Graphics processing unit

Keywords

  • Android
  • Deep learning
  • Malware detection

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Cite this

McLaughlin, N., Del Rincon, J. M., Kang, B. J., Yerima, S., Miller, P., Sezer, S., ... Ahn, G-J. (2017). Deep android malware detection. In CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (pp. 301-308). Association for Computing Machinery, Inc. https://doi.org/10.1145/3029806.3029823
