Fast, automatic and scalable learning to detect android malware

Mahmood Yousefi-Azar; Len Hamey; Vijay Varadharajan; Mark D. McDonnell

doi:10.1007/978-3-319-70139-4_86

Fast, automatic and scalable learning to detect android malware

Mahmood Yousefi-Azar^*, Len Hamey, Vijay Varadharajan, Mark D. McDonnell

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

5 Citations (Scopus)

Abstract

We propose a novel scheme for Android malware detection. The scheme has two extremely fast phases. First term-frequency simhashing (tf-simhashing) extracts a fixed sized vector for each binary file. The hashing algorithm embeds the frequency of n-grams of bytes into the output vector which can be reshaped into an image representation. In the second phase, we propose a convolutional extreme learning machine (CELM) learns to distinguish between hashes of malicious and clean files as a two class classification task. This scalable scheme is extremely fast in both learning and predicting. The results show that tf-simhashing in an image-shape representation together with CELM provides better performance than three non-parametric models and one state-of-the-art parametric model.

Original language	English
Title of host publication	Neural Information Processing
Subtitle of host publication	24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V
Editors	Derong Liu, Shengli Xie, Yuanqing Li, Dongbin Zhao, El-Sayed M. El-Alfy
Publisher	Springer, Springer Nature
Pages	848-857
Number of pages	10
ISBN (Electronic)	9783319701394
ISBN (Print)	9783319701387
DOIs	https://doi.org/10.1007/978-3-319-70139-4_86
Publication status	Published - 2017
Event	24th International Conference on Neural Information Processing, ICONIP 2017 - Guangzhou, China Duration: 14 Nov 2017 → 18 Nov 2017

Publication series

Name	Lecture Notes in Computer Science
Volume	10638
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	24th International Conference on Neural Information Processing, ICONIP 2017
Country/Territory	China
City	Guangzhou
Period	14/11/17 → 18/11/17

Keywords

Android malware detection
Convolutional extreme learning machine
Static analysis
Term-frequency simhashing

Access to Document

10.1007/978-3-319-70139-4_86

Cite this

Yousefi-Azar, M., Hamey, L., Varadharajan, V., & McDonnell, M. D. (2017). Fast, automatic and scalable learning to detect android malware. In D. Liu, S. Xie, Y. Li, D. Zhao, & E.-S. M. El-Alfy (Eds.), Neural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V (pp. 848-857). (Lecture Notes in Computer Science; Vol. 10638). Springer, Springer Nature. https://doi.org/10.1007/978-3-319-70139-4_86

Yousefi-Azar, Mahmood ; Hamey, Len ; Varadharajan, Vijay et al. / Fast, automatic and scalable learning to detect android malware. Neural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V. editor / Derong Liu ; Shengli Xie ; Yuanqing Li ; Dongbin Zhao ; El-Sayed M. El-Alfy. Springer, Springer Nature, 2017. pp. 848-857 (Lecture Notes in Computer Science).

@inproceedings{adda803efb824250bfcb25669b12329a,

title = "Fast, automatic and scalable learning to detect android malware",

abstract = "We propose a novel scheme for Android malware detection. The scheme has two extremely fast phases. First term-frequency simhashing (tf-simhashing) extracts a fixed sized vector for each binary file. The hashing algorithm embeds the frequency of n-grams of bytes into the output vector which can be reshaped into an image representation. In the second phase, we propose a convolutional extreme learning machine (CELM) learns to distinguish between hashes of malicious and clean files as a two class classification task. This scalable scheme is extremely fast in both learning and predicting. The results show that tf-simhashing in an image-shape representation together with CELM provides better performance than three non-parametric models and one state-of-the-art parametric model.",

keywords = "Android malware detection, Convolutional extreme learning machine, Static analysis, Term-frequency simhashing",

author = "Mahmood Yousefi-Azar and Len Hamey and Vijay Varadharajan and McDonnell, {Mark D.}",

year = "2017",

doi = "10.1007/978-3-319-70139-4_86",

language = "English",

isbn = "9783319701387",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "848--857",

editor = "Derong Liu and Shengli Xie and Yuanqing Li and Dongbin Zhao and El-Alfy, {El-Sayed M.}",

booktitle = "Neural Information Processing",

address = "United States",

note = "24th International Conference on Neural Information Processing, ICONIP 2017 ; Conference date: 14-11-2017 Through 18-11-2017",

}

Yousefi-Azar, M, Hamey, L , Varadharajan, V & McDonnell, MD 2017, Fast, automatic and scalable learning to detect android malware. in D Liu, S Xie, Y Li, D Zhao & E-SM El-Alfy (eds), Neural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V. Lecture Notes in Computer Science, vol. 10638, Springer, Springer Nature, pp. 848-857, 24th International Conference on Neural Information Processing, ICONIP 2017, Guangzhou, China, 14/11/17. https://doi.org/10.1007/978-3-319-70139-4_86

Fast, automatic and scalable learning to detect android malware. / Yousefi-Azar, Mahmood; Hamey, Len ; Varadharajan, Vijay et al.
Neural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V. ed. / Derong Liu; Shengli Xie; Yuanqing Li; Dongbin Zhao; El-Sayed M. El-Alfy. Springer, Springer Nature, 2017. p. 848-857 (Lecture Notes in Computer Science; Vol. 10638).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Fast, automatic and scalable learning to detect android malware

AU - Yousefi-Azar, Mahmood

AU - Hamey, Len

AU - Varadharajan, Vijay

AU - McDonnell, Mark D.

PY - 2017

Y1 - 2017

N2 - We propose a novel scheme for Android malware detection. The scheme has two extremely fast phases. First term-frequency simhashing (tf-simhashing) extracts a fixed sized vector for each binary file. The hashing algorithm embeds the frequency of n-grams of bytes into the output vector which can be reshaped into an image representation. In the second phase, we propose a convolutional extreme learning machine (CELM) learns to distinguish between hashes of malicious and clean files as a two class classification task. This scalable scheme is extremely fast in both learning and predicting. The results show that tf-simhashing in an image-shape representation together with CELM provides better performance than three non-parametric models and one state-of-the-art parametric model.

AB - We propose a novel scheme for Android malware detection. The scheme has two extremely fast phases. First term-frequency simhashing (tf-simhashing) extracts a fixed sized vector for each binary file. The hashing algorithm embeds the frequency of n-grams of bytes into the output vector which can be reshaped into an image representation. In the second phase, we propose a convolutional extreme learning machine (CELM) learns to distinguish between hashes of malicious and clean files as a two class classification task. This scalable scheme is extremely fast in both learning and predicting. The results show that tf-simhashing in an image-shape representation together with CELM provides better performance than three non-parametric models and one state-of-the-art parametric model.

KW - Android malware detection

KW - Convolutional extreme learning machine

KW - Static analysis

KW - Term-frequency simhashing

UR - http://www.scopus.com/inward/record.url?scp=85035092454&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70139-4_86

DO - 10.1007/978-3-319-70139-4_86

M3 - Conference proceeding contribution

AN - SCOPUS:85035092454

SN - 9783319701387

T3 - Lecture Notes in Computer Science

SP - 848

EP - 857

BT - Neural Information Processing

A2 - Liu, Derong

A2 - Xie, Shengli

A2 - Li, Yuanqing

A2 - Zhao, Dongbin

A2 - El-Alfy, El-Sayed M.

PB - Springer, Springer Nature

T2 - 24th International Conference on Neural Information Processing, ICONIP 2017

Y2 - 14 November 2017 through 18 November 2017

ER -

Yousefi-Azar M, Hamey L , Varadharajan V, McDonnell MD. Fast, automatic and scalable learning to detect android malware. In Liu D, Xie S, Li Y, Zhao D, El-Alfy ESM, editors, Neural Information Processing: 24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V. Springer, Springer Nature. 2017. p. 848-857. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-70139-4_86

Fast, automatic and scalable learning to detect android malware

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this