Deep Convolutional Generative Adversarial Networks for Intent-based Dynamic Behavior Capture
-
2018-11-26 
https://doi.org/10.14419/ijet.v7i4.29.21949
-
Android security, Malware detection, Deep Learning, Generative Models, DCGAN -
Malware analysis for Android systems has been the focus of considerable research in the past few years due to the large customer base moving towards Android, which has attracted a corresponding number of malware writers. Several techniques have been used to detect the malicious behavior of Android applications as well as that of the complete system. Machine-learning techniques have been used in the past to assess the behavior of an application using either static or dynamic analysis. However, for large scale Android malware analysis traditional machine learning techniques are not feasible. In this regard, many deep neural architectures have used static analysis. It has been shown that static analysis techniques can leave many malicious behaviors of an application unnoticed. In this paper, we used a new deep-learning architecture known as deep convolutional generative adversarial networks to measure the dynamic behavior of Android applications. More- over, we used the notion of Android intents as the parameter to measure the dynamic behavior of an application. We gathered a large set of intent-based behavior from more than 4,000 infected applications as well as 10 thousand applications’ good behaviors on our modiï¬ed Oreo version of Android. We received an F1 score of 0.996 and AUC curve of 0.993, which is almost the same as those received by many state- of-the-art works using machine learning.
-
References
[1] T. Register, “Earn £8,000 a MONTH with bogus apps from Russian malware factories,†2013, available at: https://www.theregister.co.uk/2013/08/05/mobile_ malware_lookout/.
[2] “McAfee Threats Report: First Quarter 2013,†2013, available at: https://www.wilderssecurity.com/threads/ mcafee-threats-report-ï¬rst-quarter-2013.348153/.
[3] McAfee, “McAfee Threats Report: 2014,†2013, available at: https://www.mcafee.com/error-pages/404.aspx? url=https://www.mcafee.com/us/resources/reports/ rp-threats-predictions-2014.pdf.
[4] I. Week, “Cybercrime Black Market ,†2014, avail- able at: https://ulasforensikadigital.weebly.com/home/ cybercrime-black-market.
[5] Symantec, “Internet Security Threat Report,†April 2016, https://www.symantec.com/content/dam/symantec/ docs/reports/istr-21-2016-en.pdf.
[6] Google, “VirusTotal. File Statistics,†https://www. virustotal.com/en/statistics/,July2017.
[7] Symantec, “Internet Security Threat Report 2014,†2014, available at: https://issuu.com/ezenta-itsikkerhed/docs/ internet_security_threat_ report_201.
[8] J. J. Drake, Z. Lanier, C. Mulliner, P. O. Fora, S. A. Ridley, and G. Wicherski, Android hacker’s handbook. John Wiley & Sons, 2014.
[9] S. Ltd, “Android Malware Families,†2009, avail- able at: http://developer.android.com/reference/java/ net/URLClassLoader.html.
[10] D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C. Siemens, “Drebin: Effective and explain- able detection of android malware in your pocket.†in Ndss, vol. 14, 2014, pp. 23–26.
[11] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “Taint- droid: an information-flow tracking system for realtime privacy monitoring on smartphones,†ACM Transactions on Computer Systems (TOCS), vol. 32, no. 2, p. 5, 2014.
[12] Y. LeCun, Y. Bengio et al., “Convolutional networks for images, speech, and time series,†The handbook of brain theory and neural networks, vol. 3361, no. 10, p. 1995, 1995.
[13] K. Hornik, M. Stinchcombe, and H. White, “Multi- layer feedforward networks are universal approxima- tors,†Neural networks, vol. 2, no. 5, pp. 359–366, 1989.
[14] R. Salakhutdinov and I. Murray, “On the quantitative analysis of deep belief networks,†in Proceedings of the 25th international conference on Machine learning. ACM, 2008, pp. 872–879.
[15] G. E. Hinton and R. R. Salakhutdinov, “Reducing the dimensionality of data with neural networks,†science, vol. 313, no. 5786, pp. 504–507, 2006.
[16] Z. Yang, Z. Hu, Y. Deng, C. Dyer, and A. Smola, “Neural machine translation with recurrent attention modeling,†arXiv preprint arXiv:1607.05108, 2016.
[17] S. Hochreiter and J. Schmidhuber, “Long short-term memory,†Neural computation, vol. 9, no. 8, pp. 1735– 1780, 1997.
[18] M. Nauman, T. A. Tanveer, S. Khan, and T. A. Syed, “Deep neural architectures for large scale android malware analysis,†Cluster Computing, pp. 1–20, 2017.
[19] M. I. Sharif, V. Yegneswaran, H. Saidi, P. A. Porras, and W. Lee, “Eureka: A framework for enabling static malware analysis.†in ESORICS, vol. 8. Springer, 2008, pp. 481– 500.
[20] [A. Moser, C. Kruegel, and E. Kirda, “Limits of static analysis for malware detection,†in Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual. IEEE, 2007, pp. 421–430.
[21] A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Ki- raz, K. A. Yuksel, S. A. Camtepe, and S. Albayrak, “Static analysis of executables for collaborative malware detec- tion on android,†in Communications, 2009. ICC’09. IEEE International Conference on. IEEE, 2009, pp. 1–5.
[22] D. Kim, A. Majlesi-Kupaei, J. Roy, K. Anand, K. ElWazeer, D. Buettner, and R. Barua, “Dynodet: Detecting dynamic obfuscation in malware,†in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2017, pp. 97–118.
[23] R. Islam, R. Tian, L. M. Batten, and S. Versteeg, “Classiï¬cation of malware based on integrated static and dynamic features,†Journal of Network and Computer Applications, vol. 36, no. 2, pp. 646–656, 2013.
[24] github, “PEInfor Service.†https://github.com/crits/crits_ services/tree/master/peinfo_service,July2017.
[25] D.-J. Wu, C.-H. Mao, T.-E. Wei, H.-M. Lee, and K.-P. Wu, “Droidmat: Android malware detection through manifestand API calls tracing,†in Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012, pp. 62–69.
[26] A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystiï¬ed,†in Proceedings of the 18th ACM conference on Computer and communications security. ACM, 2011, pp. 627–638.
[27] K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie, “Pscout: analyzing the android permission speciï¬cation,†in Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 2012, pp. 217–228.
[28] X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos, “Permission evolution in the android ecosystem,†in Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 2012, pp. 31–40.
[29] C. Linn and S. Debray, “Obfuscation of executable code to improve resistance to static disassembly,†in Proceedings of the 10th ACM conference on Computer and communications security. ACM, 2003, pp. 290–299.
[30] L. Li, A. Bartel, T. F. Bissyandé, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. Mc- Daniel, “Iccta: Detecting inter-component privacy leaks in android apps,†in Proceedings of the 37th International Conference on Software Engineering-Volume 1. IEEE Press, 2015, pp. 280–291.
[31] A. Moser, C. Kruegel, and E. Kirda, “Exploring multiple execution paths for malware analysis,†in Security and Privacy, 2007. SP’07. IEEE Symposium on. IEEE, 2007, pp. 231–245.
[32] S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, “Flow- droid: Precise context, flow, ï¬eld, object-sensitive and lifecycle-aware taint analysis for android apps,†Acm Sigplan Notices, vol. 49, no. 6, pp. 259–269, 2014.
[33] L.-K. Yan and H. Yin, “Droidscope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis.†in USENIX security symposium, 2012, pp. 569–584.
[34] B. Davis and H. Chen, “Retroskeleton: retroï¬tting an- droid apps,†in Proceeding of the 11th annual international conference on Mobile systems, applications, and services. ACM, 2013, pp. 181–192.
[35] A. P. Fuchs, A. Chaudhuri, and J. S. Foster, “Scandroid: Automated security certiï¬cation of android,†Tech. Rep., 2009.
[36] M. Backes, S. Gerling, C. Hammer, M. Maffei, and P. von Styp-Rekowsky, “Appguard–ï¬ne-grained policy enforcement for untrusted android applications,†in Data Privacy Management and Autonomous Spontaneous Security. Springer, 2014, pp. 213–231.
[37] K. Z. Chen, N. M. Johnson, V. D’Silva, S. Dai, K. MacNa- mara, T. R. Magrino, E. X. Wu, M. Rinard, and D. X. Song, “Contextual policy enforcement in android applications with permission event graphs.†in NDSS, 2013, p. 234.
[38] T.-H. Ho, D. Dean, X. Gu, and W. Enck, “Prec: practical root exploit containment for android devices,†in Proceedings of the 4th ACM conference on Data and application security and privacy. ACM, 2014, pp. 187– 198.
[39] VXShare, “VirusShare,†Accessed date 03 November 2017, available at: https://www.virusshare.com.
[40] Google Play Downloader via Command line, https:// github.com/matlink/gplaycli.
[41] I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, “Generative adversarial nets,†in Advances in neural information processing systems, 2014, pp. 2672–2680.
[42] Z. C. Lipton, “Deep Convolutional Generative Adversarial Networks,†available at: https://github.com/zackchase/ mxnet-the-straight-dope/blob/master/chapter14_ generative-adversarial-networks/dcgan.ipynb.
[43] J. Burns, “Exploratory Android Surgery,†in Black Hat Technical Security Conference USA, 2009, available at: https://www.blackhat.com/html/bh-usa-09/ bh-usa-09-archives.html.
[44] F. Bastien, P. Lamblin, R. Pascanu, J. Bergstra, I. Good- fellow, A. Bergeron, N. Bouchard, D. Warde-Farley, and Y. Bengio, “Theano: new features and speed improve- ments,†arXiv preprint arXiv:1211.5590, 2012.
M. Abadi, A. Agarwal, P. Barham, E. Brevdo, Z. Chen, C. Citro, G. Corrado, A. Davis, J. Dean, M. Devin et al., “Tensorflow: Large-scale machine learning on heterogeneous distributed systems, 2015,†arXiv preprint arXiv:1603.04467, 2015
-
Downloads
-
-
How to Cite
Jan, S., Musa, S., Ali, T., & Alzahrani, A. (2018). Deep Convolutional Generative Adversarial Networks for Intent-based Dynamic Behavior Capture. International Journal of Engineering & Technology, 7(4.29), 101-103. https://doi.org/10.14419/ijet.v7i4.29.21949
