TY - GEN
T1 - A novel preprocessing method for solving long sequence problem in android malware detection
AU - Chen, Yi Ming
AU - Hsu, Cheng Hao
AU - Kuo Chung, Kuo Chung
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/8
Y1 - 2019/8
N2 - Traditional machine learning mostly uses N-gram methods for serialization data prediction, which is not only time-consuming in the pre-processing but also computationally expensive for the model. For the current common malware detection methods, a variety of features such as API, system call, control flow, and permissions are used for machine learning analysis. However, these features depend on expert analysis and to extract multiple features is also time-consuming. This study uses Dalvik opcode as a feature, which is information rich and easy to extract. However, for the time series features of the opcode, the LSTM model and other sequence models will need effective dimension reduction approach because of the long sequence problem and variable feature length, resulting in poor training performance and long training time. Some study uses the training Embedding layer and Autoencoder to reduce the feature dimension. This method requires a layer of network training time. Another method is through feature selection. This method will result in different results as long as the data set changes or the sequence semantic is lost after feature selection. Therefore, in order to solve the above problems, this paper proposes a new preprocessing method to solve the long sequence problem that the LSTM model will encounter, so as to achieve fast training and high accuracy. This study uses a new pre-processing approach combined with an LSTM model to detect malware and achieve 95.58% accuracy on Drebin 10 family and only take 45 seconds to train a model. In addition, in the face of the small training sample problems common to deep learning, this research experiment also proved effective.
AB - Traditional machine learning mostly uses N-gram methods for serialization data prediction, which is not only time-consuming in the pre-processing but also computationally expensive for the model. For the current common malware detection methods, a variety of features such as API, system call, control flow, and permissions are used for machine learning analysis. However, these features depend on expert analysis and to extract multiple features is also time-consuming. This study uses Dalvik opcode as a feature, which is information rich and easy to extract. However, for the time series features of the opcode, the LSTM model and other sequence models will need effective dimension reduction approach because of the long sequence problem and variable feature length, resulting in poor training performance and long training time. Some study uses the training Embedding layer and Autoencoder to reduce the feature dimension. This method requires a layer of network training time. Another method is through feature selection. This method will result in different results as long as the data set changes or the sequence semantic is lost after feature selection. Therefore, in order to solve the above problems, this paper proposes a new preprocessing method to solve the long sequence problem that the LSTM model will encounter, so as to achieve fast training and high accuracy. This study uses a new pre-processing approach combined with an LSTM model to detect malware and achieve 95.58% accuracy on Drebin 10 family and only take 45 seconds to train a model. In addition, in the face of the small training sample problems common to deep learning, this research experiment also proved effective.
KW - Android malware detection
KW - Dalvik opcode
KW - LSTM
KW - Preprocessing
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85083436742&partnerID=8YFLogxK
U2 - 10.1109/Ubi-Media.2019.00012
DO - 10.1109/Ubi-Media.2019.00012
M3 - 會議論文篇章
AN - SCOPUS:85083436742
T3 - Proceedings - 2019 12th International Conference on Ubi-Media Computing, Ubi-Media 2019
SP - 12
EP - 17
BT - Proceedings - 2019 12th International Conference on Ubi-Media Computing, Ubi-Media 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 12th International Conference on Ubi-Media Computing, Ubi-Media 2019
Y2 - 6 August 2019 through 9 August 2019
ER -