This paper is the first study to use multimodal deep learning for Android malware detection, and it compares the performance of the framework with that of other existing methods, including deep learning-based methods.
Abstract:
With the widespread use of smartphones, the amount of malware has been increasing exponentially. Among smart devices, Android devices are the ones most targeted by malware because of their high popularity. This paper proposes a novel framework for Android malware detection. Our framework uses various kinds of features to reflect the properties of Android applications from various aspects, and the features are refined using our existence-based or similarity-based feature extraction method for effective feature representation in malware detection. In addition, a multimodal deep learning method is proposed as the malware detection model. This paper is the first study to use multimodal deep learning for Android malware detection. With our detection model, it was possible to maximize the benefits of encompassing multiple feature types. To evaluate the performance, we carried out various experiments with a total of 41 260 samples. We compared the accuracy of our model with that of other deep neural network models. Furthermore, we evaluated our framework in various aspects, including the efficiency of model updates, the usefulness of diverse features, and our feature representation method. In addition, we compared the performance of our framework with that of other existing methods, including deep learning-based methods.
TL;DR: A highly scalable and hybrid DNNs framework called scale-hybrid-IDS-AlertNet is proposed which can be used in real-time to effectively monitor the network traffic and host-level events to proactively alert possible cyberattacks.
TL;DR: A novelty in combining visualization and deep learning architectures for static, dynamic, and image processing-based hybrid approach applied in a big data environment is the first of its kind toward achieving robust intelligent zero-day malware detection.
TL;DR: In this paper, the authors presented a lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign.
TL;DR: This survey aims to address the challenges in DL-based Android malware detection and classification by systematically reviewing the latest progress, including FCN, CNN, RNN, DBN, AE, and hybrid models, and organize the literature according to the DL architecture.
TL;DR: This paper presents a practical, lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign, with a 40x reduction in processing time.
TL;DR: This work introduces Adam, an algorithm for first-order gradient-based optimization of stochastic objective functions, based on adaptive estimates of lower-order moments, and provides a regret bound on the convergence rate that is comparable to the best known results under the online convex optimization framework.
TL;DR: It is shown that dropout improves the performance of neural networks on supervised learning tasks in vision, speech recognition, document classification and computational biology, obtaining state-of-the-art results on many benchmark data sets.
TL;DR: In this paper, a density-based notion of clusters is proposed to discover clusters of arbitrary shape, which can be used for class identification in large spatial databases and is shown to be more efficient than the well-known algorithm CLARANS.
TL;DR: Restricted Boltzmann machines were developed using binary stochastic hidden units that learn features that are better for object recognition on the NORB dataset and face verification on the Labeled Faces in the Wild dataset.
TL;DR: This textbook offers a comprehensive and self-contained introduction to the field of machine learning, based on a unified, probabilistic approach, and is suitable for upper-level undergraduates with an introductory-level college math background and beginning graduate students.
Q1. What contributions have the authors mentioned in the paper "A multimodal deep learning method for android malware detection using various features"?
This paper proposes a novel framework for Android malware detection. This paper is the first study to use multimodal deep learning for Android malware detection. Furthermore, the authors evaluated their framework in various aspects, including the efficiency of model updates, the usefulness of diverse features, and their feature representation method. In addition, the authors compared the performance of their framework with that of other existing methods, including deep learning-based methods.
Q2. How many samples were used for the evaluation of their model?
For the evaluation of their model, 20,000 malware samples from VirusShare [38] and 1,260 from the Malgenome project [37] were used.
Q3. What are the two types of feature vectors?
The seven feature vectors are divided into two types according to their feature representations: existence-based feature vectors and similarity-based feature vectors.
Q4. What are the main processes for the detection of Android APK?
The framework conducts four major processes for detection: the raw data extraction process, the feature extraction process, the feature vector generation process, and the detection process.
Q5. Why is it necessary to update the model continuously?
Since the malware detection model should reflect the characteristics of those new applications for accurate and prompt detection, it is necessary to update the model continuously.
Q6. What are the permission features used in Android?
The extracted request permissions and security permissions (the tuples of name, permission group, and protection level) are used as permission features.
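The permission features described above can be turned into an existence-based vector along the following lines. This is an added example, not code from the paper or its authors: it assumes the manifest has already been decoded to plain-text XML, that "security permissions" correspond to `<permission>` declarations, and that an existence-based vector is a binary vector over a fixed feature list; `FEATURE_INDEX` and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) manifest, not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <permission android:name="com.example.constructed.READ_DATA"
              android:permissionGroup="android.permission-group.STORAGE"
              android:protectionLevel="dangerous"/>
  <permission android:name="com.example.constructed.PING"/>
</manifest>"""


def extract_permission_features(manifest_xml):
    """Collect permission features from a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    features = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            features.add(("request", name))
    # Assumption: "security permissions" are the app's own <permission> declarations.
    for el in root.iter("permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            group = el.get(ANDROID_NS + "permissionGroup", "")
            # Android treats a missing protectionLevel as "normal".
            level = el.get(ANDROID_NS + "protectionLevel", "normal")
            features.add(("security", name, group, level))
    return features


def existence_vector(features, feature_index):
    """1 where the app has the indexed feature, else 0 (assumed encoding)."""
    return [1 if f in features else 0 for f in feature_index]


# Hypothetical feature index; its order fixes the vector layout.
FEATURE_INDEX = [
    ("request", "android.permission.SEND_SMS"),
    ("request", "android.permission.READ_CONTACTS"),
    ("request", "android.permission.INTERNET"),
    ("security", "com.example.constructed.READ_DATA",
     "android.permission-group.STORAGE", "dangerous"),
]

if __name__ == "__main__":
    print(existence_vector(extract_permission_features(SAMPLE_MANIFEST), FEATURE_INDEX))
```

Features the app has but the index lacks are dropped, so the vector length stays fixed regardless of the app.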
Q7. What is the reason for the resizing algorithms?
The size of the raw data such as naïve binary files of each application varies greatly, so the resizing algorithms are necessary to provide the fixed sized feature vectors which fit in their neural network model.
Q8. What are the methods to verify Android applications to defend against the component hijacking attacks?
CHEX [13], DroidChecker [14], AAPL [15], and Amandroid [16] are methods to verify Android applications to defend against the component hijacking attacks.
Q9. How is the degree of influence of a feature determined?
The degree of influence of the feature on classification is determined according to the weight of the neurons affected by the feature.
Q10. What are the main reasons for their feature vector generation method?
To show the effectiveness of their feature vector generation method including feature extraction, the authors conducted experiments to compare their framework with other methods: the native binary-based detection method, the bag-of-words based detection method, and an open-sourced opcode sequence-based detection method [30].