| |
| | | Machine Learning Based Approaches Towards Robust Android Malware Detection | 
| XU Jiayun PhD Candidate
School of Information Systems
Singapore Management University
| Research Area Dissertation Committee Advisor Co-Advisor - LI Yingjiu, Ripple Professor, Department of Computer and Information Science, University of Oregon
Committee Members External Members - ZHOU Jianying, Professor of Cyber Security @ ISTD, Singapore University of Technology and Design
|
| | Date 13 April 2021 (Tuesday) | Time 10:00am - 11:00am | Venue This is a virtual seminar. Please register by 12 April before 12pm, the zoom link will be sent out by end of the day to those who have registered. | We look forward to seeing you at this research seminar. ![]()
|
|
|
| | About The Talk Many Android malware detection approaches have been proposed in different ways so far. But the existing approaches suffer robustness problems such as label noises or model aging, when the Android OS specifications evolve or the labels of training app samples change. The first work in this dissertation proposes a slow-aging Android malware detection solution named SDAC which evolves its feature set effectively to catch up with new APIs. In detail, SDAC evaluates the contributions of APIs using their contexts in the API call sequences extracted from Android apps. Based on these sequences, an embedding algorithm named API2Vec is deployed to map APIs into a vector space. SDAC then clusters all these APIs in the space to create a feature set in the training phase, and extends the feature set to include all new APIs in the detecting phase. By the feature extension, SDAC can adapt to the changes in Android specifications and thus produces a robust approach against changes in Android OS specifications. The second work in this dissertation is named Differential Training, a general framework designed to reduce the noise level of training data for any machine learning-based Android malware detection approach. Given noisy datasets, Differential Training firstly generates the noise detection feature vectors from all the intermediate states of two identical deep learning classification models. Then it applies outlier detection algorithms on these noise detection feature vectors, and the outliers detected are regarded as coming from noises and are later corrected. The third work in the dissertation is a noise-tolerant dynamic-based Android malware detection approach named Dynamic Attention. In dynamic-based Android malware detection approaches, the triggered behavior traces collected from samples with "malware'' labels may not contain ``malicious'' behaviors due to the imperfect trigger procedure, so that they are in fact mislabelled. Dynamic Attention is thus designed to solve this mislabelling problem: it identifies the label noises based on the variances of the attention weights of these behavior traces, and assigns correctly-labelled behavior traces with high weights and wrongly-labelled ones with lower weights during the model training. By doing so, Dynamic Attention makes the classification model learn less from wrongly-labelled feature vectors and gains resistances against the noises. | | | Speaker Biography Xu Jiayun is a Ph.D. candidate in the Information Security area under the supervision of Prof. Robert Deng. He is also supervised by Prof. Yingjiu Li, Prof. Xuhua Ding, Prof. Debin Gao and Prof. Jianying Zhou. He received his Master Degree in 2015 and his Bachelor Degree in 2012 from Shanghai Jiaotong University. His current research focuses on Android malware detection. |
|
