An Explainable Convolutional Neural Network for Dynamic Android Malware Detection
Francesco Mercaldo, Fabio Martinelli, Antonella Santone
2023
Abstract
Mobile devices, in particular the ones powered by the Android operating system, are constantly subjected to attacks from malicious writers, continuously involved in the development of aggressive malicious payloads aimed at extracting sensitive and private data from our smartphones and mobile devices. From the defensive point of view, the signature-based approach implemented in current antimalware has largely demonstrated its inefficacy in fighting novel malicious payloads, and also old ones when attackers apply (even simple) obfuscation techniques. In this paper, a method aimed at detecting malware attacking mobile platforms is proposed. We exploit dynamic analysis and deep learning: in particular, we design the representation of an application as an image directly generated from the system call trace. This representation is then used as input for a deep learning network aimed at discerning between malicious and trusted applications. Furthermore, we provide a kind of explainability behind the deep learning model prediction, by highlighting in the image obtained from the application under analysis the areas symptomatic of a certain prediction. An experimental analysis with more than 6000 (malicious and legitimate) real-world Android applications is presented, reaching a precision of 0.715 and a recall equal to 0.837, showing the effectiveness of the proposed method. Moreover, examples of visual explainability are discussed with the aim of showing how the proposed method can be useful for security analysts to better understand an application's malicious behaviour.
Paper Citation
in Harvard Style
Mercaldo F., Martinelli F. and Santone A. (2023). An Explainable Convolutional Neural Network for Dynamic Android Malware Detection. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 305-312. DOI: 10.5220/0011609800003405
in Bibtex Style
@conference{icissp23,
author={Francesco Mercaldo and Fabio Martinelli and Antonella Santone},
title={An Explainable Convolutional Neural Network for Dynamic Android Malware Detection},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={305-312},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011609800003405},
isbn={978-989-758-624-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - An Explainable Convolutional Neural Network for Dynamic Android Malware Detection
SN - 978-989-758-624-8
AU - Mercaldo F.
AU - Martinelli F.
AU - Santone A.
PY - 2023
SP - 305
EP - 312
DO - 10.5220/0011609800003405