We present DANdroid, a novel Android malware detection model using a deep learning Discriminative Adversarial Network (DAN) that classifies both obfuscated and unobfuscated apps as either malicious or benign. Our method, which we empirically demonstrate is robust against a selection of four prevalent and real-world obfuscation techniques, makes three contributions. Firstly, an innovative application of discriminative adversarial learning results in malware feature representations with a strong degree of resilience to the four obfuscation techniques. Secondly, the use of three feature sets; raw opcodes, permissions and API calls, that are combined in a multi-view deep learning architecture to increase this obfuscation resilience. Thirdly, we demonstrate the potential of our model to generalize over rare and future obfuscation methods not seen in training. With an overall dataset of 68,880 obfuscated and unobfuscated malicious and benign samples, our multi-view DAN model achieves an average F-score of 0.973 that compares favourably with the state-of-the-art, despite being exposed to the selected obfuscation methods applied both individually and in combination.
|Title of host publication||Proceeding of the 10th ACM Conference on Data and Application Security and Privacy|
|Publication status||Published - 01 Mar 2020|
|Event||The 10th ACM Conference on Data and Application Security and Privacy - New Orleans, United States|
Duration: 16 Mar 2020 → 18 Mar 2020
Conference number: 10th
|Conference||The 10th ACM Conference on Data and Application Security and Privacy|
|Period||16/03/2020 → 18/03/2020|