Andriod malware poses a serious threat to users privacy, money, equipment and file integrity. A series of data-driven malware detection methods were proposed. However, there exist two key challenges for these methods: (1) how to learn effective feature representation from raw data; (2) how to reduce the dependence on the prior knowledge or human labors in feature learning. Inspired by the success of deep learning methods in the feature representation learning community, we propose a malware detection framework which starts with learning rich-features by a novel unsupervised feature learning algorithm Merged Sparse Auto-Encoder (MSAE). In order to extract more compact and discriminative feature from the rich-features to further boost the malware detection capability, a hybrid deep network learning algorithm Stacked Hybrid Learning MSAE and SDAE (SHLMD) is established by further incorporating a classical deep learning method Stacked Denoising Auto-encoders (SDAE). After that, we feed the feature learned by MSAE and SHLMD respectively to classification algorithms to train a malware detection model. Evaluation results on two real-world datasets demonstrate that SHLMD achieves 94.46% and 90.57% accuracy respectively, which outperforms the classical unsupervised feature representation learning Sparse Auto-encoder (SAE).
|Journal||IEEE Transactions on Knowledge and Data Engineering|
|State||Accepted/In press - 2021|
- Feature extraction or construction
- Machine learning
- Modeling and prediction
- Neural nets