A new android malware detection method based on multimodal deep learning and hybrid analysis
Main author: | Oliveira, Angelo Schranko de |
---|---|
Publication date: | 2022 |
Document type: | Thesis |
Language: | eng |
Source title: | Biblioteca Digital de Teses e Dissertações da Uninove |
Full text: | http://bibliotecatede.uninove.br/handle/tede/3096 |
Abstract: | In the current world, where almost everything is digitized, cybercrime is on the rise as criminals continue to develop new ways to hack information systems. One of the main tools used for cybercrime operations is malware, or malicious software. Malware detection is a challenging problem that has been actively explored by both industry and academia using intelligent methods. On the one hand, traditional Machine Learning (ML) malware detection methods rely on manual feature engineering that requires expert knowledge. On the other hand, Deep Learning (DL) malware detection methods perform automatic feature learning but usually require much more data and processing power. Moreover, there are multiple data modalities of Malware Analysis (MA) data that can be used for detection purposes. Thus, the general objective of this dissertation was to develop and evaluate a new Android malware detection method, named Chimera, based on Multimodal Deep Learning (MDL) and Hybrid Analysis (HA), using different data modalities and combining both manual and automatic feature engineering in order to increase the Android malware detection rate. To train, optimize, and evaluate the models, the Knowledge Discovery in Databases (KDD) process was implemented using a new dataset based on the publicly available Android benchmark dataset Omnidroid, containing Static Analysis (SA) and Dynamic Analysis (DA) data extracted from 22000 real malware and goodware samples. By leveraging a hybrid source of information to learn high-level feature representations for both the static and dynamic properties of Android applications, Chimera outperformed its unimodal DL subnetworks, classical ML methods, and Ensemble ML methods. Thus, the results of this dissertation show that the right combination of multimodal data, specialized DL methods, and manual and automatic feature engineering can significantly increase the Android malware detection rate. |
id | NOVE_0dec6718556300f530c774bab32d009c |
---|---|
oai_identifier_str | oai:localhost:tede/3096 |
network_acronym_str | NOVE |
network_name_str | Biblioteca Digital de Teses e Dissertações da Uninove |
repository_id_str | |
spelling | Sassi, Renato José; http://lattes.cnpq.br/8750334661789610; Sassi, Renato José; http://lattes.cnpq.br/8750334661789610; Lopes, Fábio Silva; http://lattes.cnpq.br/2302666201616083; Silva, Leandro Augusto da; http://lattes.cnpq.br/1396385111251741; Dias, Cleber Gustavo; http://lattes.cnpq.br/2147386441758156; Martins, Fellipe Silva; http://lattes.cnpq.br/7912881403948084; http://lattes.cnpq.br/3426939060925235; Oliveira, Angelo Schranko de; 2022-12-02T12:52:43Z; 2022-03-17; Oliveira, Angelo Schranko de. A new android malware detection method based on multimodal deep learning and hybrid analysis. 2022. 95 f. Tese (Programa de Pós-Graduação em Informática e Gestão do Conhecimento) - Universidade Nove de Julho, São Paulo.; http://bibliotecatede.uninove.br/handle/tede/3096; Submitted by Nadir Basilio (nadirsb@uninove.br) on 2022-12-02T12:52:43Z No. of bitstreams: 1 Angelo Schranko de Oliveira.pdf: 4736885 bytes, checksum: d3c263db3ea018f7123104adcc332964 (MD5); Made available in DSpace on 2022-12-02T12:52:43Z (GMT). No. of bitstreams: 1 Angelo Schranko de Oliveira.pdf: 4736885 bytes, checksum: d3c263db3ea018f7123104adcc332964 (MD5) Previous issue date: 2022-03-17; application/pdf; eng; Universidade Nove de Julho; Programa de Pós-Graduação em Informática e Gestão do Conhecimento; UNINOVE; Brasil; Informática; android malware detection; multimodal deep learning; computer security; android malware detection; multimodal deep learning; computer security; CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO; A new android malware detection method based on multimodal deep learning and hybrid analysis; info:eu-repo/semantics/publishedVersion; info:eu-repo/semantics/doctoralThesis; 8930092515683771531; 600; info:eu-repo/semantics/openAccess; reponame:Biblioteca Digital de Teses e Dissertações da Uninove instname:Universidade Nove de Julho (UNINOVE) instacron:UNINOVE; ORIGINAL; Angelo Schranko de Oliveira.pdf; Angelo Schranko de Oliveira.pdf; application/pdf; 4736885; http://localhost:8080/tede/bitstream/tede/3096/2/Angelo+Schranko+de+Oliveira.pdf; d3c263db3ea018f7123104adcc332964; MD5; 2; LICENSE; license.txt; license.txt; text/plain; charset=utf-8; 2165; http://localhost:8080/tede/bitstream/tede/3096/1/license.txt; bd3efa91386c1718a7f26a329fdcb468; MD5; 1; tede/3096; 2022-12-02 09:52:43.776; oai:localhost:; Biblioteca Digital de Teses e Dissertações; http://bibliotecatede.uninove.br/; PRI; http://bibliotecatede.uninove.br/oai/request; bibliotecatede@uninove.br||bibliotecatede@uninove.br; opendoar:2022-12-02T12:52:43; Biblioteca Digital de Teses e Dissertações da Uninove - Universidade Nove de Julho (UNINOVE); false |
dc.title.por.fl_str_mv | A new android malware detection method based on multimodal deep learning and hybrid analysis |
title | A new android malware detection method based on multimodal deep learning and hybrid analysis |
spellingShingle | A new android malware detection method based on multimodal deep learning and hybrid analysis Oliveira, Angelo Schranko de android malware detection multimodal deep learning computer security android malware detection multimodal deep learning computer security CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO |
title_short | A new android malware detection method based on multimodal deep learning and hybrid analysis |
title_full | A new android malware detection method based on multimodal deep learning and hybrid analysis |
title_fullStr | A new android malware detection method based on multimodal deep learning and hybrid analysis |
title_full_unstemmed | A new android malware detection method based on multimodal deep learning and hybrid analysis |
title_sort | A new android malware detection method based on multimodal deep learning and hybrid analysis |
author | Oliveira, Angelo Schranko de |
author_facet | Oliveira, Angelo Schranko de |
author_role | author |
dc.contributor.advisor1.fl_str_mv | Sassi, Renato José |
dc.contributor.advisor1Lattes.fl_str_mv | http://lattes.cnpq.br/8750334661789610 |
dc.contributor.referee1.fl_str_mv | Sassi, Renato José |
dc.contributor.referee1Lattes.fl_str_mv | http://lattes.cnpq.br/8750334661789610 |
dc.contributor.referee2.fl_str_mv | Lopes, Fábio Silva |
dc.contributor.referee2Lattes.fl_str_mv | http://lattes.cnpq.br/2302666201616083 |
dc.contributor.referee3.fl_str_mv | Silva, Leandro Augusto da |
dc.contributor.referee3Lattes.fl_str_mv | http://lattes.cnpq.br/1396385111251741 |
dc.contributor.referee4.fl_str_mv | Dias, Cleber Gustavo |
dc.contributor.referee4Lattes.fl_str_mv | http://lattes.cnpq.br/2147386441758156 |
dc.contributor.referee5.fl_str_mv | Martins, Fellipe Silva |
dc.contributor.referee5Lattes.fl_str_mv | http://lattes.cnpq.br/7912881403948084 |
dc.contributor.authorLattes.fl_str_mv | http://lattes.cnpq.br/3426939060925235 |
dc.contributor.author.fl_str_mv | Oliveira, Angelo Schranko de |
contributor_str_mv | Sassi, Renato José Sassi, Renato José Lopes, Fábio Silva Silva, Leandro Augusto da Dias, Cleber Gustavo Martins, Fellipe Silva |
dc.subject.por.fl_str_mv | android malware detection multimodal deep learning computer security |
topic | android malware detection multimodal deep learning computer security android malware detection multimodal deep learning computer security CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO |
dc.subject.eng.fl_str_mv | android malware detection multimodal deep learning computer security |
dc.subject.cnpq.fl_str_mv | CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO |
publishDate | 2022 |
dc.date.accessioned.fl_str_mv | 2022-12-02T12:52:43Z |
dc.date.issued.fl_str_mv | 2022-03-17 |
dc.type.status.fl_str_mv | info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv | info:eu-repo/semantics/doctoralThesis |
format | doctoralThesis |
status_str | publishedVersion |
dc.identifier.citation.fl_str_mv | Oliveira, Angelo Schranko de. A new android malware detection method based on multimodal deep learning and hybrid analysis. 2022. 95 f. Tese (Programa de Pós-Graduação em Informática e Gestão do Conhecimento) - Universidade Nove de Julho, São Paulo. |
dc.identifier.uri.fl_str_mv | http://bibliotecatede.uninove.br/handle/tede/3096 |
identifier_str_mv | Oliveira, Angelo Schranko de. A new android malware detection method based on multimodal deep learning and hybrid analysis. 2022. 95 f. Tese (Programa de Pós-Graduação em Informática e Gestão do Conhecimento) - Universidade Nove de Julho, São Paulo. |
url | http://bibliotecatede.uninove.br/handle/tede/3096 |
dc.language.iso.fl_str_mv | eng |
language | eng |
dc.relation.cnpq.fl_str_mv | 8930092515683771531 |
dc.relation.confidence.fl_str_mv | 600 |
dc.rights.driver.fl_str_mv | info:eu-repo/semantics/openAccess |
eu_rights_str_mv | openAccess |
dc.format.none.fl_str_mv | application/pdf |
dc.publisher.none.fl_str_mv | Universidade Nove de Julho |
dc.publisher.program.fl_str_mv | Programa de Pós-Graduação em Informática e Gestão do Conhecimento |
dc.publisher.initials.fl_str_mv | UNINOVE |
dc.publisher.country.fl_str_mv | Brasil |
dc.publisher.department.fl_str_mv | Informática |
publisher.none.fl_str_mv | Universidade Nove de Julho |
dc.source.none.fl_str_mv | reponame:Biblioteca Digital de Teses e Dissertações da Uninove instname:Universidade Nove de Julho (UNINOVE) instacron:UNINOVE |
instname_str | Universidade Nove de Julho (UNINOVE) |
instacron_str | UNINOVE |
institution | UNINOVE |
reponame_str | Biblioteca Digital de Teses e Dissertações da Uninove |
collection | Biblioteca Digital de Teses e Dissertações da Uninove |
bitstream.url.fl_str_mv | http://localhost:8080/tede/bitstream/tede/3096/2/Angelo+Schranko+de+Oliveira.pdf http://localhost:8080/tede/bitstream/tede/3096/1/license.txt |
bitstream.checksum.fl_str_mv | d3c263db3ea018f7123104adcc332964 bd3efa91386c1718a7f26a329fdcb468 |
bitstream.checksumAlgorithm.fl_str_mv | MD5 MD5 |
repository.name.fl_str_mv | Biblioteca Digital de Teses e Dissertações da Uninove - Universidade Nove de Julho (UNINOVE) |
repository.mail.fl_str_mv | bibliotecatede@uninove.br||bibliotecatede@uninove.br |
_version_ | 1811016889052168192 |