EAI Endorsed Transac...

Leveraging attention-based deep neural networks for security vetting of Android applications

Authors: Prabesh Pathak; Prabesh Poudel; Sankardas Roy; Doina Caragea;

Abstract

Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. The recent success of attention-based mechanisms in natural language processing motivates us to apply the idea to security vetting of Android apps. An Android app’s code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we aim to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models.

Subjects by Vocabulary

Microsoft Academic Graph classification: Computer science, Computer security, computer.software_genre, Vetting, Deep neural networks, Android (operating system), computer

Keywords

Technology, T, attention, malware detection, deep neural networks, android security, android apps


Funded by
NSF| SaTC: CORE: Small: Collaborative: Data-driven Approaches for Large-scale Security Analysis of Mobile Applications
Project
  • Funder: National Science Foundation (NSF)
  • Project Code: 1718214
  • Funding stream: Directorate for Computer & Information Science & Engineering | Division of Computer and Network Systems
NSF| SaTC: CORE: Small: Collaborative: Data-driven Approaches for Large-scale Security Analysis of Mobile Applications
Project
  • Funder: National Science Foundation (NSF)
  • Project Code: 1717871
  • Funding stream: Directorate for Computer & Information Science & Engineering | Division of Computer and Network Systems