Compartilhamento |
|
Use este identificador para citar ou linkar para este item:
http://bibliotecatede.uninove.br/handle/tede/3096
Tipo do documento: | Tese |
Título: | A new android malware detection method based on multimodal deep learning and hybrid analysis |
Autor: | Oliveira, Angelo Schranko de |
Primeiro orientador: | Sassi, Renato José |
Primeiro membro da banca: | Sassi, Renato José |
Segundo membro da banca: | Lopes, Fábio Silva |
Terceiro membro da banca: | Silva, Leandro Augusto da |
Quarto membro da banca: | Dias, Cleber Gustavo |
Quinto membro da banca: | Martins, Fellipe Silva |
Resumo: | In the current world, whereby almost everything is digitized, cybercrime is on the rise as criminals continue to develop new ways to hack information systems. One of main tools used for cybercrime operations are malware, or malicious software. Malware detection is a challenging problem that has been actively explored by both the industry and academia using intelligent methods. On the one hand, traditional Machine Learning (ML) malware detection methods rely on manual feature engineering that requires expert knowledge. On the other hand, Deep Learning (DL) malware detection methods perform automatic feature learning but usually require much more data and processing power. Moreover, there are multiple data modalities of Malware Analysis (MA) data that can be used for detection purposes. Thus, the general objective of this dissertation was to develop and evaluate a new Android malware detection method, named Chimera, based on Multimodal Deep Learning (MDL) and Hybrid Analysis (HA), using different data modalities and combining both manual and automatic feature engineering in order to increase Android malware detection rate. To train, optimize, and evaluate the models, the Knowledge Discovery in Databases (KDD) process was implemented using a new dataset based on the publicly available Android benchmark dataset Omnidroid containing Static Analysis (SA) and Dynamic Analysis (DA) data extracted from 22000 real malware and goodware samples. By leveraging a hybrid source of information to learn high-level feature representations for both the static and dynamic properties of Android applications, Chimera’s performance outperformed its unimodal DL subnetworks, classical ML methods, and Ensemble ML methods, thus, the results of this dissertation show that the right combination of multimodal data, specialized DL methods, manual and automatic feature engineering can significantly increase Android malware detection rate. |
Abstract: | In the current world, whereby almost everything is digitized, cybercrime is on the rise as criminals continue to develop new ways to hack information systems. One of main tools used for cybercrime operations are malware, or malicious software. Malware detection is a challenging problem that has been actively explored by both the industry and academia using intelligent methods. On the one hand, traditional Machine Learning (ML) malware detection methods rely on manual feature engineering that requires expert knowledge. On the other hand, Deep Learning (DL) malware detection methods perform automatic feature learning but usually require much more data and processing power. Moreover, there are multiple data modalities of Malware Analysis (MA) data that can be used for detection purposes. Thus, the general objective of this dissertation was to develop and evaluate a new Android malware detection method, named Chimera, based on Multimodal Deep Learning (MDL) and Hybrid Analysis (HA), using different data modalities and combining both manual and automatic feature engineering in order to increase Android malware detection rate. To train, optimize, and evaluate the models, the Knowledge Discovery in Databases (KDD) process was implemented using a new dataset based on the publicly available Android benchmark dataset Omnidroid containing Static Analysis (SA) and Dynamic Analysis (DA) data extracted from 22000 real malware and goodware samples. By leveraging a hybrid source of information to learn high-level feature representations for both the static and dynamic properties of Android applications, Chimera’s performance outperformed its unimodal DL subnetworks, classical ML methods, and Ensemble ML methods, thus, the results of this dissertation show that the right combination of multimodal data, specialized DL methods, manual and automatic feature engineering can significantly increase Android malware detection rate. |
Palavras-chave: | android malware detection multimodal deep learning computer security android malware detection multimodal deep learning computer security |
Área(s) do CNPq: | CIENCIA DA COMPUTACAO::SISTEMAS DE COMPUTACAO |
Idioma: | eng |
País: | Brasil |
Instituição: | Universidade Nove de Julho |
Sigla da instituição: | UNINOVE |
Departamento: | Informática |
Programa: | Programa de Pós-Graduação em Informática e Gestão do Conhecimento |
Citação: | Oliveira, Angelo Schranko de. A new android malware detection method based on multimodal deep learning and hybrid analysis. 2022.95 f. Tese( Programa de Pós-Graduação em Informática e Gestão do Conhecimento) - Universidade Nove de Julho, São Paulo. |
Tipo de acesso: | Acesso Aberto |
URI: | http://bibliotecatede.uninove.br/handle/tede/3096 |
Data de defesa: | 17-Mar-2022 |
Aparece nas coleções: | Programa de Pós-Graduação em Informática e Gestão do Conhecimento |
Arquivos associados a este item:
Arquivo | Descrição | Tamanho | Formato | |
---|---|---|---|---|
Angelo Schranko de Oliveira.pdf | Angelo Schranko de Oliveira | 4,63 MB | Adobe PDF | Baixar/Abrir Pré-Visualizar |
Os itens no repositório estão protegidos por copyright, com todos os direitos reservados, salvo quando é indicado o contrário.