Android Malware Detection Based on Deep Learning: Achievements and Challenges

Yi CHEN; Di TANG; Wei ZOU

doi:10.11999/JEIT200009

Volume 42 Issue 9

Sep. 2020

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2020 > 42(9): 2082-2094

Yi CHEN, Di TANG, Wei ZOU. Android Malware Detection Based on Deep Learning: Achievements and Challenges[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2082-2094. doi: 10.11999/JEIT200009

Citation:

Yi CHEN, Di TANG, Wei ZOU. Android Malware Detection Based on Deep Learning: Achievements and Challenges[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2082-2094. doi: 10.11999/JEIT200009

Citation:

PDF( 471 KB)

Android Malware Detection Based on Deep Learning: Achievements and Challenges

doi: 10.11999/JEIT200009

Yi CHEN^{1, 3, 4},
Di TANG²,
Wei ZOU^{1, 3, 4
,
,}

1.
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2.
Chinese University of Hong Kong, Hongkong 999077, China
3.
Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100093, China
4.
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Funds: Foundation of Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences (CXJJ-19S022)

Received Date: 2020-01-20
Rev Recd Date: 2020-07-30

Available Online: 2020-08-07

Publish Date: 2020-09-27

Abstract

Abstract

With the prosperous of Android applications, Android malware has been scattered everywhere, which raises the serious security risk to users. On the other hand, the rapid developing of deep learning fires the combat between the two sides of malware detection. Inducing deep learning technologies into Android malware detection becomes the hottest topic of society. This paper summarizes the existing achievements of malware detection from four aspects: Data collection, feature construction, network structure and detection performance. Finally, the current limitations and facing challenges followed by the future researches are discussed.
- Mobile security,
- Android malware,
- Android application,
- Deep learning,
- Machine learning

FullText(HTML)

References(70)

References

CHAU M and REITH R. Smartphone market share[EB/OL]. https://www.idc.com/promo/smartphone-market-share/os, 2019.

Tencent Mobile Butler. Tencent mobile security lab mobile security report in the first half year of 2019[EB/OL]. https://m.qq.com/security_lab/news_detail_517.html, 2019.

WANG Bolun, YAO Yuanshun, SHAN S, et al. Neural cleanse: Identifying and mitigating backdoor attacks in neural networks[C]. 2019 IEEE Symposium on Security and Privacy, San Francisco, USA, 2019: 707–723. doi: 10.1109/SP.2019.00031.

SAFAVIAN S R and LANDGREBE D. A survey of decision tree classifier methodology[J]. IEEE Transactions on Systems, Man, and Cybernetics, 1991, 21(3): 660–674. doi: 10.1109/21.97458

SUYKENS J A K and VANDEWALLE J. Least squares support vector machine classifiers[J]. Neural Processing Letters, 1999, 9(3): 293–300. doi: 10.1023/A:1018628609742

MCCALLUM A and NIGAM K. A comparison of event models for naive Bayes text classification[C]. AAAI-98 Workshop on Learning for Text Categorization, Madison, Isconsin, USA, 1998: 41–48.

王鑫, 李可, 宁晨, 等. 基于深度卷积神经网络和多核学习的遥感图像分类方法[J]. 电子与信息学报, 2019, 41(5): 1098–1105. doi: 10.11999/JEIT180628

WANG Xin, LI Ke, NING Chen, et al. Remote sensing image classification method based on deep convolution neural network and multi-kernel learning[J]. Journal of Electronics &Information Technology, 2019, 41(5): 1098–1105. doi: 10.11999/JEIT180628

徐少平, 张贵珍, 李崇禧, 等. 基于深度置信网络的随机脉冲噪声快速检测算法[J]. 电子与信息学报, 2019, 41(5): 1130–1136. doi: 10.11999/JEIT180558

XU Shaoping, ZHANG Guizhen, LI Chongxi, et al. A fast random-valued impulse noise detection algorithm based on deep belief network[J]. Journal of Electronics &Information Technology, 2019, 41(5): 1130–1136. doi: 10.11999/JEIT180558

杨宏宇, 王峰岩. 基于深度卷积神经网络的气象雷达噪声图像语义分割方法[J]. 电子与信息学报, 2019, 41(10): 2373–2381. doi: 10.11999/JEIT190098

YANG Hongyun and WANG Fengyan. Meteorological radar noise image semantic segmentation method based on deep convolutional neural network[J]. Journal of Electronics &Information Technology, 2019, 41(10): 2373–2381. doi: 10.11999/JEIT190098

STATISTA. Number of available applications in the Google Play Store from December 2009 to June 2020[EB/OL]. https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/, 2019.

KIM T, KANG B, RHO M, et al. A multimodal deep learning method for Android malware detection using various features[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(3): 773–788. doi: 10.1109/TIFS.2018.2866319

YUAN Zhenlong, LU Yongqiang, WANG Zhaoguo, et al. Droid-sec: Deep learning in android malware detection[C]. 2014 ACM Conference on SIGCOMM, Chicago, USA, 2014: 371–372. doi: 10.1145/2619239.2631434.

XIAO Xi, WANG Zhenlong, LI Qing, et al. Back-propagation neural network on Markov chains from system call sequences: A new approach for detecting Android malware with system call sequences[J]. IET Information Security, 2017, 11(1): 8–15. doi: 10.1049/iet-ifs.2015.0211

NIX R and ZHANG Jian. Classification of Android apps and malware using deep neural networks[C]. 2017 International Joint Conference on Neural Networks, Anchorage, USA, 2017: 1871–1878. doi: 10.1109/IJCNN.2017.7966078.

HUANG Na, XU Ming, ZHENG Ning, et al. Deep android malware classification with API-based feature graph[C]. The 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, Rotorua, New Zealand, 2019: 296–303. doi: 10.1109/TrustCom/BigDataSE.2019.00047.

ABDERRAHMANE A, ADNANE G, YACINE C, et al. Android malware detection based on system calls analysis and CNN classification[C]. 2019 IEEE Wireless Communications and Networking Conference Workshop, Marrakech, Morocco, 2019: 1–6. doi: 10.1109/WCNCW.2019.8902627.

WANG Wei, ZHAO Mengxue, and WANG Jigang. Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network[J]. Journal of Ambient Intelligence and Humanized Computing, 2019, 10(8): 3035–3043. doi: 10.1007/s12652-018-0803-6

XIAO Xi, ZHANG Shaofeng, MERCALDO F, et al. Android malware detection based on system call sequences and LSTM[J]. Multimedia Tools and Applications, 2019, 78(4): 3979–3999. doi: 10.1007/s11042-017-5104-0

YUAN Zhenlong, LU Yongqiang, and XUE Yibo. Droiddetector: Android malware characterization and detection using deep learning[J]. Tsinghua Science and Technology, 2016, 21(1): 114–123. doi: 10.1109/TST.2016.7399288

MCLAUGHLIN N, MARTINEZ DEL RINCON J, KANG B, et al. Deep android malware detection[C]. The 7th ACM on Conference on Data and Application Security and Privacy, Scottsdale, USA, 2017: 301–308. doi: 10.1145/3029806.3029823.

NAWAY A and LI Yuancheng. Using deep neural network for Android malware detection[EB/OL]. https://arxiv.org/pdf/1904.00736, 2019.

WANG Zhiqiang, LI Gefei, CHI Yaping, et al. Android malware detection based on convolutional neural networks[C]. The 3rd International Conference on Computer Science and Application Engineering, Sanya, China, 2019: 1–151. doi: 10.1145/3331453.3361306.

SABHADIYA S, BARAD J, and GHEEWALA J. Android malware detection using deep learning[C]. The 3rd International Conference on Trends in Electronics and Informatics, Tirunelveli, India, 2019: 1254–1260. doi: 10.1109/ICOEI.2019.8862633.

MELISSA. VirusShare. Com-because sharing is caring[EB/OL]. https://virusshare.com, 2019.

ALLIX K, BISSYANDÉ T F, KLEIN J, et al. Androzoo: Collecting millions of android apps for the research community[C]. The 13th IEEE/ACM Working Conference on Mining Software Repositories, Austin, TX, USA, 2016: 468–471.

WEI Fengguo, LI Yuping, ROY S, et al. Deep ground truth analysis of current android malware[C]. The 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany, 2017: 252–276. doi: 10.1007/978-3-319-60876-1.

MILAPARKOUR. Contagio mobile mobile malware mini dump[EB/OL]. http://contagiominidump.blogspot.com, 2019.

ARP D, SPREITZENBARTH M, HUBNER M, et al. Drebin: Effective and explainable detection of android malware in your pocket[C]. The 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA, 2014: 23–26. doi: 10.14722/ndss.2014.23247.

KADIR A F A, STAKHANOVA N, and GHORBANI A A. Android botnets: What URLs are telling us[C]. The 9th International Conference on Network and System Security, New York, NY, 2015: 78–79. doi: 10.1007/978-3-319-25645-0_6.

ZHOU Yajin and JIANG Xuxian. Dissecting android malware: Characterization and evolution[C]. 2012 IEEE Symposium on Security and Privacy, San Francisco, USA, 2012: 95–109. doi: 10.1109/SP.2012.16.

YE Yanfang, HOU Shifu, CHEN Lingwei, et al. Out-of-sample node representation learning for heterogeneous graph in real-time android malware detection[C]. The 28th International Joint Conference on Artificial Intelligence, Macao, China, 2019: 4150–4156. doi: 10.24963/ijcai.2019/576.

ALZAYLAEE M K, YERIMA S Y, and SEZER S. DL-Droid: Deep learning based android malware detection using real devices[J]. Computers & Security, 2020, 89: 101663. doi: 10.1016/j.cose.2019.101663

HOU Shifu, SAAS A, CHEN Lifei, et al. Deep4MalDroid: A deep learning framework for android malware detection based on Linux kernel system call graphs[C]. 2016 IEEE/WIC/ACM International Conference on Web Intelligence Workshops, Omaha, USA, 2016: 104–111. doi: 10.1109/WIW.2016.040.

HOU Shifu, SAAS A, YE Yanfang, et al. Droiddelver: An android malware detection system using deep belief network based on API call blocks[C]. WAIM 2016 International Conference on Web-Age Information Management, Nanchang, China, 2016: 54–55. doi: 10.1007/978-3-319-47121-1_5.

HUANG T H D and KAO H Y. R2-D2: Color-inspired convolutional neural network (CNN)-based android malware detections[C]. 2018 IEEE International Conference on Big Data, Seattle, USA, 2018: 2633–2642. doi: 10.1109/BigData.2018.8622324.

NAUMAN M, TANVEER T A, KHAN S, et al. Deep neural architectures for large scale android malware analysis[J]. Cluster Computing, 2018, 21(1): 569–588. doi: 10.1007/s10586-017-0944-y

DUC N V and GIANG P T. NADM: Neural network for Android detection malware[C]. The 9th International Symposium on Information and Communication Technology, Danang City, Vietnam, 2018: 449–455. doi: 10.1145/3287921.3287977.

AAFER Y, DU WENLIANG, and YIN Heng. Droidapiminer: Mining API-level features for robust malware detection in android[C]. The 9th International Conference on Security and Privacy in Communication Systems, Sydney, Australia, 2013: 86–103. doi: 10.1007/978-3-319-04283-1_6.

PEKTAŞ A and ACARMAN T. Deep learning for effective Android malware detection using API call graph embeddings[J]. Soft Computing, 2020, 24(2): 1027–1043. doi: 10.1007/s00500-019-03940-5

SUN Yizhou and HAN Jiawei. Mining heterogeneous information networks: Principles and methodologies[J]. Synthesis Lectures on Data Mining and Knowledge Discovery, 2012, 3(2): 1–159. doi: 10.2200/S00433ED1V01Y201207DMK005

FAN Yujie, HOU Shifu, ZHANG Yiming, et al. Gotcha-sly malware!: Scorpion a metagraph2vec based malware detection system[C]. The 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, London, UK, 2018: 253–262. doi: 10.1145/3219819.3219862.

DONG Yuxiao, CHAWLA N V, and SWAMI A. Metapath2vec: Scalable representation learning for heterogeneous networks[C]. The 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Halifax, Canada, 2017: 135–144. doi: 10.1145/3097983.3098036.

FU Taoyang, LEE W C, and LEI Zhen. Hin2vec: Explore meta-paths in heterogeneous information networks for representation learning[C]. 2017 ACM on Conference on Information and Knowledge Management, Singapore, 2017: 1797–1806. doi: 10.1145/3132847.3132953.

MA Zhuo, GE Haoran, LIU Yang, et al. A combination method for Android malware detection based on control flow graphs and machine learning algorithms[J]. IEEE Access, 2019, 7: 21235–21245. doi: 10.1109/ACCESS.2019.2896003

GEORGE R C and JAIN A K. Markov random field texture models[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 1983, PAMI-5(1): 25–39. doi: 10.1109/TPAMI.1983.4767341

CSÁJI B C. Approximation with artificial neural networks[D]. [Master dissertation], Eotvos Loránd University, 2001: 7.

KRIZHEVSKY A, SUTSKEVER I, and HINTON G E. ImageNet classification with deep convolutional neural networks[C]. The 25th International Conference on Neural Information Processing Systems, Lake Tahoe, USA, 2012: 1106–1114.

LECUN Y, BOTTOU L, BENGIO Y, et al. Gradient-based learning applied to document recognition[J]. Proceedings of the IEEE, 1998, 86(11): 2278–2324. doi: 10.1109/5.726791

SZEGEDY C, LIU Wei, JIA Yangqing, et al. Going deeper with convolutions[C]. The 2015 IEEE Conference on Computer Vision and Pattern Recognition, Boston, USA, 2015: 1–9. doi: 10.1109/CVPR.2015.7298594.

BERGSTRA J, BARDENET R, BENGIO Y, et al. Algorithms for hyper-parameter optimization[C]. The 25th Annual Conference on Neural Information Processing Systems 2011, Granada, Spain, 2011: 2546–2554.

SZEGEDY C, VANHOUCKE V, IOFFE S, et al. Rethinking the inception architecture for computer vision[C]. 2016 IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, 2016: 2818–2826. doi: 10.1109/CVPR.2016.308.

HOCHREITER S and SCHMIDHUBER J. Long short-term memory[J]. Neural Computation, 1997, 9(8): 1735–1780. doi: 10.1162/neco.1997.9.8.1735

MNIH V, HEESS N, GRAVES A, et al. Recurrent models of visual attention[C]. The 27th International Conference on Neural Information Processing Systems, Montreal, Canada, 2014: 2204–2212.

SALAKHUTDINOV R and MURRAY I. On the quantitative analysis of deep belief networks[C]. The 25th International Conference on Machine Learning, Helsinki, Finland, 2008: 872–879. doi: 10.1145/1390156.1390266.

ALONSO J M and CHEN Yao. Receptive field[J]. Scholarpedia, 2009, 4(1): 5393. doi: 10.4249/scholarpedia.5393

ALLEN F E. Control flow analysis[J]. ACM SIGPLAN Notices, 1970, 5(7): 1–19. doi: 10.1145/390013.808479

SCARSELLI F, GORI M, TSOI A C, et al. The graph neural network model[J]. IEEE Transactions on Neural Networks, 2009, 20(1): 61–80. doi: 10.1109/TNN.2008.2005605

JIANG Bo, ZHANG Ziyan, LIN Doudou, et al. Semi-supervised learning with graph learning-convolutional networks[C]. 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Long Beach, USA, 2019: 11305–11312. doi: 10.1109/CVPR.2019.01157.

MARON H, BEN-HAMU H, SERVIANSKY H, et al. Provably powerful graph networks[C]. The 33rd Conference on Neural Information Processing Systems, Vancouver, Canada, 2019: 2153–2164.

GORI M, MONFARDINI G, and SCARSELLI F. A new model for learning in graph domains[C]. 2005 IEEE International Joint Conference on Neural Networks, Montreal, Canada, 2005: 729–734.

WU Dongjie, MAO C H, WEI T E, et al. Droidmat: Android malware detection through manifest and API calls tracing[C]. The 7th Asia Joint Conference on Information Security, Tokyo, Japan, 2012: 62–69. doi: 10.1109/AsiaJCIS.2012.18.

HUANG C Y, TSAI Y T, and HSU C H. Performance evaluation on permission-based detection for android malware[C]. International Computer Symposium ICS 2012 Held at Hualien, Taipei, China, 2013: 111–120. doi: 10.1007/978-3-642-35473-1_12.

ZHANG Mu, DUAN Yue, YIN Heng, et al. Semantics-aware android malware classification using weighted contextual API dependency graphs[C]. 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, USA, 2014: 1105–1116. doi: 10.1145/2660267.2660359.

FEREIDOONI H, CONTI M, YAO Danfeng, et al. ANASTASIA: Android malware detection using static analysis of applications[C]. The 8th IFIP International Conference on New Technologies, Mobility and Security, Larnaca, Cyprus, 2016: 1–5. doi: 10.1109/NTMS.2016.7792435.

YANG Chao, XU Zhaoyan, GU Guofei, et al. Droidminer: Automated mining and characterization of fine-grained malicious behaviors in android applications[C]. The 19th European Symposium on Research in Computer Security, Wroclaw, Poland, 2014: 163–182. doi: 10.1007/978-3-319-11203-9_10.

DIMJAŠEVIĆ M, ATZENI S, UGRINA I, et al. Evaluation of android malware detection based on system calls[C]. 2016 ACM on International Workshop on Security and Privacy Analytics, New Orleans, USA, 2016: 1–8. doi: 10.1145/2875475.2875487.

YERIMA S Y, SEZER S, and MUTTIK I. High accuracy android malware detection using ensemble learning[J]. IET Information Security, 2015, 9(6): 313–320. doi: 10.1049/iet-ifs.2014.0099

JEROME Q, ALLIX K, STATE R, et al. Using opcode-sequences to detect malicious Android applications[C]. 2014 IEEE International Conference on Communications, Sydney, Australia, 2014: 914–919. doi: 10.1109/ICC.2014.6883436.

YERIMA S Y, SEZER S, MCWILLIAMS G, et al. A new android malware detection approach using Bayesian classification[C]. The 27th IEEE International Conference on Advanced Information Networking and Applications, Barcelona, Spain, 2013: 121–128. doi: 10.1109/AINA.2013.88.

POWERS D M W. Evaluation: From precision, recall and F-measure to ROC, informedness, markedness & correlation[J]. Journal of Machine Learning Technologies, 2011, 2(1): 37–63.

Relative Articles

Supplements(0)

Cited By

Proportional views