R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections

Presented at AppSec USA 2017, Sept. 22, 2017, 10:30 a.m. (45 minutes).

Machine Learning (ML) has found it particularly useful in malware detection. However, as the malware evolves very fast, the stability of the feature extracted from malware serves as a critical issue in malware detection. The recent success of deep learning in image recognition, natural language processing, and machine translation indicates a potential solution for stabilizing the malware detection effectiveness. We present a color-inspired convolutional neural network-based Android malware detection, R2-D2, which can detect malware without extracting pre-selected features (e.g., the control-flow of op-code, classes, methods of functions and the timing they are invoked etc.) from Android apps. In particular, we develop a color representation for translating Android apps into rgb color code and transform them to a fixed-sized encoded image. After that, the encoded image is fed to convolutional neural network for automatic feature extraction and learning, reducing the expert's intervention.We have run our system over 800k malware samples and 800k benign samples through our back-end (60 million monthly active users and 10k new malware samples per day), showing that R2-D2 can effectively detect the malware. Furthermore, we will keep our research results on http://R2D2.TWMAN.ORG if there any update.


Presenters:

  • TonTon Huang - Cyber-Security/Deep Learning Research - Leopard Mobile Inc.
    Hsien-De Huang (a.k.a. TonTon) is working for Leopard Mobile (Cheetah Mobile Taiwan Agency). His current major research interests include Deep Learning, Malware Analysis, Android Reverse Engineering, Type-2 Fuzzy Logic, and Ontology Applications. He also is a Ph. D. candidate (IKM Lab.) in the Dept. Computer Science and Information Engineering at National Cheng Kung University, Taiwan. He also was a visiting Ph. D student in the UK for research project "2010 Initiative Research Cooperation among Top Universities between UK and Taiwan" at University of Essex, UK and in the research project "2012 NSC-INRIA International Program - Associate Team (II)" at INRIA Saclay, France. In the past few years, he was a Software Developer at Verint Systems (Taiwan), Senior Security Engineer at Acer e-Enabling Data Center(Acer eDC) and Project Assistant Researcher at the National Center for High-Performance Computing (NCHC). http://TWMAN.ORG is his personal website.
  • Chia-Mu Yu
    Enjoy the intersection between AI, security, and privacy
  • Hung-Yu Kao - Professor - National Cheng Kung University
    Hung-Yu Kao received the B.S. and M.S. degree in Computer Science from National Tsing Hua University in 1994 and 1996 respectively. In July 2003, he received the PhD degree from the Electrical Engineering Department, National Taiwan University. He is currently the Director of Institute of Medical Informatics and a professor of Department of Computer Science and Information Engineering of National Cheng Kung University. He was a post-doctoral fellow of Institute of Information Science (IIS), Academia Sinica from 2003 to 2004. His research interests include Web information retrieval / extraction, search engine, knowledge management, data mining, social network analysis and bioinformatics. He has published more than 60 research papers in refereed international journals and conference proceedings. He is a member of IEEE and ACM.

Links:

Similar Presentations: