Details

Autor(en) / Beteiligte

• Ge, Ruihai
• Zhang, Yongzheng
• Li, Shuhao
• Zhou, GuoQiao

Titel

A Dual-Branch Self-attention Method for Mobile Malware Detection via Network Traffic

Ist Teil von

• 2022 International Joint Conference on Neural Networks (IJCNN), 2022, p.1-8

Ort / Verlag

IEEE

Erscheinungsjahr

2022

Quelle

IEEE Xplore

Beschreibungen/Notizen

• The desperate increase of mobile malware has constituted a severe threat to user privacy, economic life, and cyberspace security. Existing anti-malware solutions have no-ticeable weaknesses due to the adoption of content analysis-based approaches. The main limitation of these approaches is that they rely on careful expert engineering and professional handcrafted input features. Some researchers have tried to solve this limitation by using deep learning models to automatically learn feature representations from raw traffic. In this paper, we explore a deep learning detection framework based on self-attention to discriminate between malicious and benign network traffic. As a major advantage with respect to the state-of-the-art methods, we point out that the attention mechanism can better learn the underlying features of malicious traffic in terms of flows and bytes. We design a dual-branch deep learning method that consists of a flow importance-discrimination branch and a byte importance-discrimination branch. The flow importance-discrimination branch calculates the attentions between flows to obtain the feature contributions of different flows, and the byte importance-discrimination branch builds the feature contributions of diverse bytes by considering the connections among all bytes of network payload. Both flow features and byte features are combined to enhance the representation ability of network traffic behaviors generated by mobile applications (apps). We evaluate proposed method using a publicly available dataset including 55,992 malicious traffic traces and 47,779 benign traffic traces. The experimental results demonstrate that our method is able to identify malicious apps with high accuracy, outperforming the baseline methods and the popular deep-learning models.