Deep Android Malware Detection

Niall McLaughlin; Jesus Martinez del Rincon; BooJoong Kang; Suleiman Yerima; Paul Miller; Sakir Sezer; Yeganeh Safaeisemnani; Erik Trickel; Ziming Zhao; Adam Doupé; Gail Joon Ahn

doi:10.1145/3029806.3029823

Deep Android Malware Detection

Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaeisemnani, Erik Trickel, Ziming Zhao, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

186 Citations (Scopus)

7909 Downloads (Pure)

Abstract

In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods,
as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

Original language	English
Title of host publication	Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017
Publisher	Association for Computing Machinery
Number of pages	8
DOIs	https://doi.org/10.1145/3029806.3029823
Publication status	Published - 22 Mar 2017
Event	ACM Conference on Data and Applications Security and Privacy - Scottsdale, Arizona, United States Duration: 22 Mar 2017 → 24 Mar 2017 Conference number: 7th http://www.codaspy.org/

Conference

Conference	ACM Conference on Data and Applications Security and Privacy
Abbreviated title	CODASPY
Country/Territory	United States
City	Scottsdale, Arizona
Period	22/03/2017 → 24/03/2017
Internet address	http://www.codaspy.org/

Access to Document

10.1145/3029806.3029823Licence: Unspecified

Deep Android Malware Detection
© 2017 The Authors. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 678 KBLicence: Unspecified

Cite this

McLaughlin, Niall ; Martinez del Rincon, Jesus ; Kang, BooJoong ; Yerima, Suleiman ; Miller, Paul ; Sezer, Sakir ; Safaeisemnani, Yeganeh ; Trickel, Erik ; Zhao, Ziming ; Doupé, Adam ; Joon Ahn, Gail. / Deep Android Malware Detection. Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017. Association for Computing Machinery, 2017.

@inproceedings{5f9451aa0737433cb8265b0060408d4c,

title = "Deep Android Malware Detection",

abstract = "In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods,as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.",

author = "Niall McLaughlin and {Martinez del Rincon}, Jesus and BooJoong Kang and Suleiman Yerima and Paul Miller and Sakir Sezer and Yeganeh Safaeisemnani and Erik Trickel and Ziming Zhao and Adam Doup{\'e} and {Joon Ahn}, Gail",

year = "2017",

month = mar,

day = "22",

doi = "10.1145/3029806.3029823",

language = "English",

booktitle = "Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017",

publisher = "Association for Computing Machinery",

note = "ACM Conference on Data and Applications Security and Privacy, CODASPY ; Conference date: 22-03-2017 Through 24-03-2017",

url = "http://www.codaspy.org/",

}

McLaughlin, N , Martinez del Rincon, J, Kang, B, Yerima, S, Miller, P , Sezer, S, Safaeisemnani, Y, Trickel, E, Zhao, Z, Doupé, A & Joon Ahn, G 2017, Deep Android Malware Detection. in Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017. Association for Computing Machinery, ACM Conference on Data and Applications Security and Privacy, Scottsdale, Arizona, United States, 22/03/2017. https://doi.org/10.1145/3029806.3029823

Deep Android Malware Detection. / McLaughlin, Niall ; Martinez del Rincon, Jesus; Kang, BooJoong; Yerima, Suleiman; Miller, Paul ; Sezer, Sakir; Safaeisemnani, Yeganeh; Trickel, Erik; Zhao, Ziming; Doupé, Adam; Joon Ahn, Gail.

Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017. Association for Computing Machinery, 2017.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Deep Android Malware Detection

AU - McLaughlin, Niall

AU - Martinez del Rincon, Jesus

AU - Kang, BooJoong

AU - Yerima, Suleiman

AU - Miller, Paul

AU - Sezer, Sakir

AU - Safaeisemnani, Yeganeh

AU - Trickel, Erik

AU - Zhao, Ziming

AU - Doupé, Adam

AU - Joon Ahn, Gail

N1 - Conference code: 7th

PY - 2017/3/22

Y1 - 2017/3/22

N2 - In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods,as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

AB - In this paper, we propose a novel android malware detection system that uses a deep convolutional neural network (CNN). Malware classification is performed based on static analysis of the raw opcode sequence from a disassembled program. Features indicative of malware are automatically learned by the network from the raw opcode sequence thus removing the need for hand-engineered malware features. The training pipeline of our proposed system is much simpler than existing n-gram based malware detection methods,as the network is trained end-to-end to jointly learn appropriate features and to perform classification, thus removing the need to explicitly enumerate millions of n-grams during training. The network design also allows the use of long n-gram like features, not computationally feasible with existing methods. Once trained, the network can be efficiently executed on a GPU, allowing a very large number of files to be scanned quickly.

U2 - 10.1145/3029806.3029823

DO - 10.1145/3029806.3029823

M3 - Conference contribution

BT - Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY) 2017

PB - Association for Computing Machinery

T2 - ACM Conference on Data and Applications Security and Privacy

Y2 - 22 March 2017 through 24 March 2017

ER -

Deep Android Malware Detection

Abstract

Conference

Access to Document

Fingerprint

Jesus Martinez-del-Rincon

Niall McLaughlin

Cite this

Deep Android Malware Detection

Abstract

Conference

Access to Document

Fingerprint

Profiles

Jesus Martinez-del-Rincon

Niall McLaughlin

Cite this