A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation

Tzung Han Jeng; Ying Ching Chang; Hui Hsuan Yang; Li Kai Chen; Yi Ming Chen

doi:10.1145/3556223.3556257

A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation

Tzung Han Jeng, Ying Ching Chang, Hui Hsuan Yang, Li Kai Chen, Yi Ming Chen

Department of Information Management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

With the popularity of Android mobile devices and the increase of related applications, hackers regard it as the primary attack target. Therefore, malware detection is essential nowadays, and many of these studies employ deep learning techniques. In recent years, the attention mechanism provides corresponding attention weights for different hidden states, and it is widely used in many fields, such as machine translation and image markup. However, no research has applied the attention mechanism to Android malware analysis. Hence, this paper completes the goal of malware family classification based on the static features of Android applications. We compare the difference between the original convolutional neural network (CNN) and the addition of the attention mechanism. The final experimental results show that the attention mechanism improves the accuracy of the existing CNN model by 1.99% in static opcode images. In addition, we further adopt the occlusion sensitivity method to try to explain the classification model proposed in this paper. Finally, the experimental results of model interpretation show that the classification model can effectively identify the threat behavior of malware.

Original language	English
Title of host publication	Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022
Publisher	Association for Computing Machinery
Pages	226-232
Number of pages	7
ISBN (Electronic)	9781450396349
DOIs	https://doi.org/10.1145/3556223.3556257
State	Published - 29 Jul 2022
Event	10th International Conference on Computer and Communications Management, ICCCM 2022 - Okayama, Japan Duration: 29 Jul 2022 → 31 Jul 2022

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	10th International Conference on Computer and Communications Management, ICCCM 2022
Country/Territory	Japan
City	Okayama
Period	29/07/22 → 31/07/22

Keywords

Android Malware Classification
Attention Mechanism
CNN
Deep Learning
Model Interpretation

Access to Document

10.1145/3556223.3556257

Cite this

Jeng, T. H., Chang, Y. C., Yang, H. H., Chen, L. K., & Chen, Y. M. (2022). A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation. In Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022 (pp. 226-232). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3556223.3556257

@inproceedings{84b3d622699d4c8596fef98420d08fe3,

title = "A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation",

abstract = "With the popularity of Android mobile devices and the increase of related applications, hackers regard it as the primary attack target. Therefore, malware detection is essential nowadays, and many of these studies employ deep learning techniques. In recent years, the attention mechanism provides corresponding attention weights for different hidden states, and it is widely used in many fields, such as machine translation and image markup. However, no research has applied the attention mechanism to Android malware analysis. Hence, this paper completes the goal of malware family classification based on the static features of Android applications. We compare the difference between the original convolutional neural network (CNN) and the addition of the attention mechanism. The final experimental results show that the attention mechanism improves the accuracy of the existing CNN model by 1.99% in static opcode images. In addition, we further adopt the occlusion sensitivity method to try to explain the classification model proposed in this paper. Finally, the experimental results of model interpretation show that the classification model can effectively identify the threat behavior of malware.",

keywords = "Android Malware Classification, Attention Mechanism, CNN, Deep Learning, Model Interpretation",

author = "Jeng, {Tzung Han} and Chang, {Ying Ching} and Yang, {Hui Hsuan} and Chen, {Li Kai} and Chen, {Yi Ming}",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 10th International Conference on Computer and Communications Management, ICCCM 2022 ; Conference date: 29-07-2022 Through 31-07-2022",

year = "2022",

month = jul,

day = "29",

doi = "10.1145/3556223.3556257",

language = "???core.languages.en_GB???",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "226--232",

booktitle = "Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022",

}

Jeng, TH, Chang, YC, Yang, HH, Chen, LK & Chen, YM 2022, A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation. in Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 226-232, 10th International Conference on Computer and Communications Management, ICCCM 2022, Okayama, Japan, 29/07/22. https://doi.org/10.1145/3556223.3556257

A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation. / Jeng, Tzung Han; Chang, Ying Ching; Yang, Hui Hsuan et al.
Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022. Association for Computing Machinery, 2022. p. 226-232 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation

AU - Jeng, Tzung Han

AU - Chang, Ying Ching

AU - Yang, Hui Hsuan

AU - Chen, Li Kai

AU - Chen, Yi Ming

PY - 2022/7/29

Y1 - 2022/7/29

N2 - With the popularity of Android mobile devices and the increase of related applications, hackers regard it as the primary attack target. Therefore, malware detection is essential nowadays, and many of these studies employ deep learning techniques. In recent years, the attention mechanism provides corresponding attention weights for different hidden states, and it is widely used in many fields, such as machine translation and image markup. However, no research has applied the attention mechanism to Android malware analysis. Hence, this paper completes the goal of malware family classification based on the static features of Android applications. We compare the difference between the original convolutional neural network (CNN) and the addition of the attention mechanism. The final experimental results show that the attention mechanism improves the accuracy of the existing CNN model by 1.99% in static opcode images. In addition, we further adopt the occlusion sensitivity method to try to explain the classification model proposed in this paper. Finally, the experimental results of model interpretation show that the classification model can effectively identify the threat behavior of malware.

AB - With the popularity of Android mobile devices and the increase of related applications, hackers regard it as the primary attack target. Therefore, malware detection is essential nowadays, and many of these studies employ deep learning techniques. In recent years, the attention mechanism provides corresponding attention weights for different hidden states, and it is widely used in many fields, such as machine translation and image markup. However, no research has applied the attention mechanism to Android malware analysis. Hence, this paper completes the goal of malware family classification based on the static features of Android applications. We compare the difference between the original convolutional neural network (CNN) and the addition of the attention mechanism. The final experimental results show that the attention mechanism improves the accuracy of the existing CNN model by 1.99% in static opcode images. In addition, we further adopt the occlusion sensitivity method to try to explain the classification model proposed in this paper. Finally, the experimental results of model interpretation show that the classification model can effectively identify the threat behavior of malware.

KW - Android Malware Classification

KW - Attention Mechanism

KW - CNN

KW - Deep Learning

KW - Model Interpretation

UR - http://www.scopus.com/inward/record.url?scp=85140722514&partnerID=8YFLogxK

U2 - 10.1145/3556223.3556257

DO - 10.1145/3556223.3556257

M3 - 會議論文篇章

AN - SCOPUS:85140722514

T3 - ACM International Conference Proceeding Series

SP - 226

EP - 232

BT - Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022

PB - Association for Computing Machinery

T2 - 10th International Conference on Computer and Communications Management, ICCCM 2022

Y2 - 29 July 2022 through 31 July 2022

ER -

Jeng TH, Chang YC, Yang HH, Chen LK, Chen YM. A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation. In Proceedings of the 10th International Conference on Computer and Communications Management, ICCCM 2022. Association for Computing Machinery. 2022. p. 226-232. (ACM International Conference Proceeding Series). doi: 10.1145/3556223.3556257

A Novel Deep Learning Based Attention Mechanism for Android Malware Detection and Explanation

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this