Deep android malware detection

Niall McLaughlin; Jesus Martinez Del Rincon; Boo Joong Kang; Suleiman Yerima; Paul Miller; Sakir Sezer; Yeganeh Safaei; Erik Trickel; Ziming Zhao; Adam Doupe; Gail-Joon Ahn

doi:10.1145/3029806.3029823

Deep android malware detection

Niall McLaughlin, Jesus Martinez Del Rincon, Boo Joong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doupe, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

372 Scopus citations

Abstract

In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-To-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be effeciently executed on a GPU, allowing a very large number of files to be scanned quickly.

Original language	English (US)
Title of host publication	CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	301-308
Number of pages	8
ISBN (Electronic)	9781450345231
DOIs	https://doi.org/10.1145/3029806.3029823
State	Published - Mar 22 2017
Event	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States Duration: Mar 22 2017 → Mar 24 2017

Publication series

Name	CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

Conference

Conference	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
Country/Territory	United States
City	Scottsdale
Period	3/22/17 → 3/24/17

Keywords

Android
Deep learning
Malware detection

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software

Access to Document

10.1145/3029806.3029823

Cite this

McLaughlin, N., Del Rincon, J. M., Kang, B. J., Yerima, S., Miller, P., Sezer, S., Safaei, Y., Trickel, E., Zhao, Z., Doupe, A., & Ahn, G.-J. (2017). Deep android malware detection. In CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (pp. 301-308). (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3029806.3029823

Deep android malware detection. / McLaughlin, Niall; Del Rincon, Jesus Martinez; Kang, Boo Joong et al.
CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2017. p. 301-308 (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

McLaughlin, N, Del Rincon, JM, Kang, BJ, Yerima, S, Miller, P, Sezer, S, Safaei, Y, Trickel, E, Zhao, Z, Doupe, A & Ahn, G-J 2017, Deep android malware detection. in CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 301-308, 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, United States, 3/22/17. https://doi.org/10.1145/3029806.3029823

McLaughlin N, Del Rincon JM, Kang BJ, Yerima S, Miller P, Sezer S et al. Deep android malware detection. In CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2017. p. 301-308. (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3029806.3029823

@inproceedings{da7d9174c17946d7bd7e7c7575bcea7e,

title = "Deep android malware detection",

abstract = "In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-To-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be effeciently executed on a GPU, allowing a very large number of files to be scanned quickly.",

keywords = "Android, Deep learning, Malware detection",

author = "Niall McLaughlin and {Del Rincon}, {Jesus Martinez} and Kang, {Boo Joong} and Suleiman Yerima and Paul Miller and Sakir Sezer and Yeganeh Safaei and Erik Trickel and Ziming Zhao and Adam Doupe and Gail-Joon Ahn",

note = "Publisher Copyright: {\textcopyright} 2017 ACM.; 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 ; Conference date: 22-03-2017 Through 24-03-2017",

year = "2017",

month = mar,

day = "22",

doi = "10.1145/3029806.3029823",

language = "English (US)",

series = "CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "301--308",

booktitle = "CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy",

}

TY - GEN

T1 - Deep android malware detection

AU - McLaughlin, Niall

AU - Del Rincon, Jesus Martinez

AU - Kang, Boo Joong

AU - Yerima, Suleiman

AU - Miller, Paul

AU - Sezer, Sakir

AU - Safaei, Yeganeh

AU - Trickel, Erik

AU - Zhao, Ziming

AU - Doupe, Adam

AU - Ahn, Gail-Joon

PY - 2017/3/22

Y1 - 2017/3/22

N2 - In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-To-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be effeciently executed on a GPU, allowing a very large number of files to be scanned quickly.

AB - In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods, as the network is trained end-To-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be effeciently executed on a GPU, allowing a very large number of files to be scanned quickly.

KW - Android

KW - Deep learning

KW - Malware detection

UR - http://www.scopus.com/inward/record.url?scp=85018516553&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018516553&partnerID=8YFLogxK

U2 - 10.1145/3029806.3029823

DO - 10.1145/3029806.3029823

M3 - Conference contribution

AN - SCOPUS:85018516553

T3 - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

SP - 301

EP - 308

BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017

Y2 - 22 March 2017 through 24 March 2017

ER -

Deep android malware detection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this