TY - GEN
T1 - Deep android malware detection
AU - McLaughlin, Niall
AU - Del Rincon, Jesus Martinez
AU - Kang, Boo Joong
AU - Yerima, Suleiman
AU - Miller, Paul
AU - Sezer, Sakir
AU - Safaei, Yeganeh
AU - Trickel, Erik
AU - Zhao, Ziming
AU - Doupe, Adam
AU - Ahn, Gail-Joon
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/3/22
Y1 - 2017/3/22
N2 - In this paper, we propose a novel Android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence, thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.
AB - In this paper, we propose a novel Android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence, thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.
KW - Android
KW - Deep learning
KW - Malware detection
UR - http://www.scopus.com/inward/record.url?scp=85018516553&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018516553&partnerID=8YFLogxK
U2 - 10.1145/3029806.3029823
DO - 10.1145/3029806.3029823
M3 - Conference contribution
AN - SCOPUS:85018516553
T3 - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
SP - 301
EP - 308
BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Y2 - 22 March 2017 through 24 March 2017
ER -