An effective attention and residual network for malware detection

IF 1.5 4区计算机科学 Q3 ENGINEERING, ELECTRICAL & ELECTRONIC

IET Communications Pub Date : 2024-04-27 DOI:10.1049/cmu2.12754

Wei Gu, Hongyan Xing, Tianhao Hou

{"title":"An effective attention and residual network for malware detection","authors":"Wei Gu, Hongyan Xing, Tianhao Hou","doi":"10.1049/cmu2.12754","DOIUrl":null,"url":null,"abstract":"<p>Due to its open source and large user base, Android has emerged as the most popular operating system. Android's popularity and openness have made it a prime target for malicious attackers. Permissions have received great attention from researchers because of their effectiveness in restricting applications’ access to sensitive resources. However, existing malware detection methods based on permissions are easily bypassed by inter-application resource access. To address these issues, we combine inter-application resource access-related intent features with permission features. Besides, we designed a customized convolutional neural network using two squeeze-and-excitation blocks to learn the inherent relationships between multi-type features. The two basic SE blocks perform squeezing operations based on average pooling and max pooling, respectively, to compute channel-wise attention from multiple perspectives. We designed a series of experiments based on real-world samples to evaluate the efficacy of the proposed framework. Empirical results demonstrate that our framework outperforms state-of-the-art methods, achieving an accuracy of 96.29%, precision of 97.52%, recall of 94.63%, F1-score of 96.06% and MCC of 92.60%. These promising experimental results consistently demonstrate that AMERDroid is an effective approach for Android malware detection.</p>","PeriodicalId":55001,"journal":{"name":"IET Communications","volume":"18 9","pages":"557-568"},"PeriodicalIF":1.5000,"publicationDate":"2024-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/cmu2.12754","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Communications","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cmu2.12754","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

Due to its open source and large user base, Android has emerged as the most popular operating system. Android's popularity and openness have made it a prime target for malicious attackers. Permissions have received great attention from researchers because of their effectiveness in restricting applications’ access to sensitive resources. However, existing malware detection methods based on permissions are easily bypassed by inter-application resource access. To address these issues, we combine inter-application resource access-related intent features with permission features. Besides, we designed a customized convolutional neural network using two squeeze-and-excitation blocks to learn the inherent relationships between multi-type features. The two basic SE blocks perform squeezing operations based on average pooling and max pooling, respectively, to compute channel-wise attention from multiple perspectives. We designed a series of experiments based on real-world samples to evaluate the efficacy of the proposed framework. Empirical results demonstrate that our framework outperforms state-of-the-art methods, achieving an accuracy of 96.29%, precision of 97.52%, recall of 94.63%, F1-score of 96.06% and MCC of 92.60%. These promising experimental results consistently demonstrate that AMERDroid is an effective approach for Android malware detection.

Abstract Image

查看原文本刊更多论文

用于恶意软件检测的有效注意力和残留物网络

由于其开放源代码和庞大的用户群，安卓已成为最流行的操作系统。安卓的普及性和开放性使其成为恶意攻击者的主要目标。由于权限能有效限制应用程序对敏感资源的访问，因此受到了研究人员的极大关注。然而，现有的基于权限的恶意软件检测方法很容易被应用程序间的资源访问绕过。为了解决这些问题，我们将应用程序间资源访问相关的意图特征与权限特征相结合。此外，我们还设计了一个定制的卷积神经网络，使用两个挤压-激发块来学习多类型特征之间的内在关系。这两个基本 SE 模块分别执行基于平均池化和最大池化的挤压操作，从多个角度计算渠道关注度。我们设计了一系列基于真实世界样本的实验来评估所提出框架的功效。实证结果表明，我们的框架优于最先进的方法，准确率达 96.29%，精确率达 97.52%，召回率达 94.63%，F1 分数达 96.06%，MCC 达 92.60%。这些令人鼓舞的实验结果一致证明，AMERDroid 是一种有效的安卓恶意软件检测方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IET Communications 工程技术-工程：电子与电气

CiteScore

4.30

自引率

6.20%

发文量

220

审稿时长

5.9 months

期刊介绍： IET Communications covers the fundamental and generic research for a better understanding of communication technologies to harness the signals for better performing communication systems using various wired and/or wireless media. This Journal is particularly interested in research papers reporting novel solutions to the dominating problems of noise, interference, timing and errors for reduction systems deficiencies such as wasting scarce resources such as spectra, energy and bandwidth. Topics include, but are not limited to: Coding and Communication Theory; Modulation and Signal Design; Wired, Wireless and Optical Communication; Communication System Special Issues. Current Call for Papers: Cognitive and AI-enabled Wireless and Mobile - https://digital-library.theiet.org/files/IET_COM_CFP_CAWM.pdf UAV-Enabled Mobile Edge Computing - https://digital-library.theiet.org/files/IET_COM_CFP_UAV.pdf