Effective detection of mobile malware behavior based on explainable deep neural network

Cited by: 13
Authors
Yan, Anli [1, 2]
Chen, Zhenxiang [1, 2, 5]
Zhang, Haibo [3]
Peng, Lizhi [1, 2]
Yan, Qiben [4]
Hassan, Muhammad Umair [1, 2]
Zhao, Chuan [1, 2]
Yang, Bo [1, 2]
Affiliations
[1] Univ Jinan, Shandong Prov Key Lab Network Based Intelligent C, Jinan 250022, Peoples R China
[2] Univ Jinan, Sch Informat Sci & Engn, Jinan 250022, Peoples R China
[3] Univ Otago, Dept Comp Sci, Dunedin 9016, New Zealand
[4] Michigan State Univ, Dept Comp Sci & Engn, E Lansing, MI 48824 USA
[5] Shandong Univ Sci & Technol, Coll Comp Sci & Engn, Qingdao, Shandong, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Deep neural network; Extraction rule; Malware detection; RULES; EXTRACTION; SYSTEM;
DOI
10.1016/j.neucom.2020.09.082
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
The rapid growth of the number of new mobile malware variants has posed a severe threat to users' property and privacy. Recent studies show that deep neural networks can detect malicious traffic with high accuracy. However, a deep neural network works like a black box in the sense that its structure doesn't give any insight into how it works. To overcome this drawback, we propose a method to extract rules from a deep neural network and then use the extracted rules to detect malicious network traffic. Specifically, for a trained deep neural network, we first construct one input-hidden tree for each hidden layer to represent the rules extracted between the input of the neural network and the output of that hidden layer. Then we construct one hidden-output tree to represent the rules extracted between the outputs of all hidden layers and the output of the neural network. Finally, these trees are merged to form one rule tree using the outputs of the hidden layers as a bridge. We have performed extensive experiments to verify the effectiveness of our method in terms of accuracy, precision, recall and F-Measure metrics by comparing it with other state-of-the-art methods. Experimental results show that our method achieves high accuracy using the packet size of only the first nine packets as a feature, which also gives good interpretability on how the deep neural network performs to detect malicious traffic. Besides, we design an online detection system based on FPGA to provide online detection in a high-speed network environment using the rule tree, which reduces the difficulty of embedding a deep neural network into FPGA. © 2020 Published by Elsevier B.V.
Pages: 482 - 492
Number of pages: 11
Related papers
50 in total
  • [1] TrafficAV: An Effective and Explainable Detection of Mobile Malware Behavior Using Network Traffic
    Wang, Shanshan
    Chen, Zhenxiang
    Zhang, Lei
    Yan, Qiben
    Yang, Bo
    Peng, Lizhi
    Jia, Zhongtian
    [J]. 2016 IEEE/ACM 24TH INTERNATIONAL SYMPOSIUM ON QUALITY OF SERVICE (IWQOS), 2016,
  • [2] Mobile Malware Detection Using Deep Neural Network
    Bulut, Irfan
    Yavuz, A. Gokhan
    [J]. 2017 25TH SIGNAL PROCESSING AND COMMUNICATIONS APPLICATIONS CONFERENCE (SIU), 2017,
  • [3] Evaluating Convolutional Neural Network for Effective Mobile Malware Detection
    Martinelli, Fabio
    Marulli, Fiammetta
    Mercaldo, Francesco
    [J]. KNOWLEDGE-BASED AND INTELLIGENT INFORMATION & ENGINEERING SYSTEMS, 2017, 112 : 2372 - 2381
  • [4] Malware Detection with Deep Neural Network Using Process Behavior
    Tobiyama, Shun
    Yamaguchi, Yukiko
    Shimada, Hajime
    Ikuse, Tomonori
    Yagi, Takeshi
    [J]. PROCEEDINGS 2016 IEEE 40TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC), VOL 2, 2016, : 577 - 582
  • [5] A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic
    Liu, Anran
    Chen, Zhenxiang
    Wang, Shanshan
    Peng, Lizhi
    Zhao, Chuan
    Shi, Yuliang
    [J]. ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, ICA3PP 2018, PT IV, 2018, 11337 : 109 - 120
  • [6] Deep Neural Network Based on Android Mobile Malware Detection System Using Opcode Sequences
    Zhao, Lichao
    Li, Dan
    Zheng, Guangcong
    Shi, Wenbo
    [J]. 2018 IEEE 18TH INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY (ICCT), 2018, : 1141 - 1147
  • [7] Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network
    Wei Wang
    Mengxue Zhao
    Jigang Wang
    [J]. Journal of Ambient Intelligence and Humanized Computing, 2019, 10 : 3035 - 3043
  • [8] Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network
    Wang, Wei
    Zhao, Mengxue
    Wang, Jigang
    [J]. JOURNAL OF AMBIENT INTELLIGENCE AND HUMANIZED COMPUTING, 2019, 10 (08) : 3035 - 3043
  • [9] Research on Malware Variant Detection Method Based on Deep Neural Network
    Xing Jianhua
    Si Jing
    Zhang Yongjing
    Li Wei
    Zheng Yuning
    [J]. 2021 IEEE 5TH INTERNATIONAL CONFERENCE ON CRYPTOGRAPHY, SECURITY AND PRIVACY (ICCSP), 2021, : 144 - 147
  • [10] Obfuscated Mobile Malware Detection by Means of Dynamic Analysis and Explainable Deep Learning
    Mercaldo, Francesco
    Ciaramella, Giovanni
    Santone, Antonella
    Martinelli, Fabio
    [J]. 18TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY & SECURITY, ARES 2023, 2023,