
Convolution neural network with batch normalization and inception-residual modules for Android malware classification

Deep learning technology is changing the landscape of cybersecurity research, especially the study of large amounts of data. With the rapid growth in the number of malware, developing an efficient and reliable method for classifying malware has become one of the research priorities. In this paper...


Bibliographic Details
Main authors: Liu, TianYue, Zhang, HongQi, Long, HaiXia, Shi, Jinmei, Yao, YuHua
Format: Online Article Text
Language: English
Published: Nature Publishing Group UK 2022
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9385674/
https://www.ncbi.nlm.nih.gov/pubmed/35978023
http://dx.doi.org/10.1038/s41598-022-18402-6
_version_ 1784769641663430656
author Liu, TianYue
Zhang, HongQi
Long, HaiXia
Shi, Jinmei
Yao, YuHua
collection PubMed
description Deep learning technology is changing the landscape of cybersecurity research, especially the study of large amounts of data. With the rapid growth in the number of malware, developing an efficient and reliable method for classifying malware has become one of the research priorities. In this paper, a new method, BIR-CNN, is proposed to classify Android malware. It combines a convolution neural network (CNN) with batch normalization and inception-residual (BIR) network modules, using 347-dim network traffic features. CNN combines inception-residual modules with a convolution layer that can enhance the learning ability of the model. Batch Normalization can speed up the training process and avoid over-fitting of the model. Finally, experiments are conducted on the publicly available network traffic dataset CICAndMal2017 and compared with three traditional machine learning algorithms and CNN. The accuracy of BIR-CNN is 99.73% in binary classification (2-classifier). Moreover, the BIR-CNN can classify malware by its category (4-classifier) and malicious family (35-classifier), with a classification accuracy of 99.53% and 94.38%, respectively. The experimental results show that the proposed model is an effective method for Android malware classification, especially in malware category and family classifier.
format Online
Article
Text
id pubmed-9385674
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Nature Publishing Group UK
record_format MEDLINE/PubMed
spelling pubmed-9385674 2022-08-19 Convolution neural network with batch normalization and inception-residual modules for Android malware classification Liu, TianYue Zhang, HongQi Long, HaiXia Shi, Jinmei Yao, YuHua Sci Rep Article
Nature Publishing Group UK 2022-08-17 /pmc/articles/PMC9385674/ /pubmed/35978023 http://dx.doi.org/10.1038/s41598-022-18402-6 Text en © The Author(s) 2022 https://creativecommons.org/licenses/by/4.0/ Open Access: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
title Convolution neural network with batch normalization and inception-residual modules for Android malware classification
topic Article