Abstract
Zero-day malware samples pose a considerable danger to users as implicitly there are no documented defences for previously unseen, newly encountered behaviour. Malware detection therefore relies on past knowledge to attempt to deal with zero-days. Often such insight is provided by a human expert hand-crafting and pre-categorising certain features as malicious. However, tightly coupled feature-engineering based on previous domain knowledge risks not being effective when faced with a new threat. In this work we decouple this human expertise, instead encapsulating knowledge inside a deep learning neural net with no prior understanding of malicious characteristics. Raw input features consist of low-level opcodes, app permissions and proprietary Android API package usage. Our method makes three main contributions. Firstly, a novel multi-view deep learning Android malware detector with no specialist malware domain insight used to select, rank or hand-craft input features. Secondly, a comprehensive zero-day scenario evaluation using the Drebin and AMD benchmarks, with our model achieving weighted average detection rates of 91% and 81% respectively, an improvement of up to 57% over the state-of-the-art. Thirdly, a 77% reduction in false positives on average compared to the state-of-the-art, with excellent F1 scores of 0.9928 and 0.9963 for the general detection task again on the Drebin and AMD benchmark datasets respectively.
Original language | English |
---|---|
Journal | Journal of Information Security and Applications |
Volume | 58 |
Early online date | 13 Jan 2021 |
DOIs | |
Publication status | Early online date - 13 Jan 2021 |
Fingerprint
Dive into the research topics of 'Multi-view Deep Learning for Zero-day Android Malware Detection'. Together they form a unique fingerprint.Student theses
-
Multi-view convolutional neural networks for cybersecurity applications
Millar, S. (Author), Martinez del Rincon, J. (Supervisor) & Miller, P. (Supervisor), Jul 2022Student thesis: Doctoral Thesis › Doctor of Philosophy
File