Deep Learning Application in Security and Privacy - Theory and Practice:A Position Paper

Technology is shaping our lives in a multitude of ways. This is fuelled by a technology infrastructure, both legacy and state of the art, composed of a heterogeneous group of hardware, software, services and organisations. Such infrastructure faces a diverse range of challenges to its operations that include security, privacy, resilience, and quality of services. Among these, cybersecurity and privacy are taking the centre-stage, especially since the General Data Protection Regulation (GDPR) came into effect. Traditional security and privacy techniques are overstretched and adversarial actors have evolved to design exploitation techniques that circumvent protection. With the ever-increasing complexity of technology infrastructure, security and privacy-preservation specialists have started to look for adaptable and flexible protection methods that can evolve (potentially autonomously) as the adversarial actor changes its techniques. For this, Artificial Intelligence (AI), Machine Learning (ML) and Deep Learning (DL) were put forward as saviours. In this paper, we look at the promises of AI, ML, and DL stated in academic and industrial literature and evaluate how realistic they are. We also put forward potential challenges a DL based security and privacy protection technique has to overcome. Finally, we conclude the paper with a discussion on what steps the DL and the security and privacy-preservation community have to take to ensure that DL is not just going to be hype, but an opportunity to build a secure, reliable, and trusted technology infrastructure on which we can rely on for so much in our lives

Empowering convolutional networks for malware classification and analysis

Performing large-scale malware classification is increasingly becoming a critical step in malware analytics as the number and variety of malware samples is rapidly growing. Statistical machine learning constitutes an appealing method to cope with this increase as it can use mathematical tools to extract information out of large-scale datasets and produce interpretable models. This has motivated a surge of scientific work in developing machine learning methods for detection and classification of malicious executables. However, an optimal method for extracting the most informative features for different malware families, with the final goal of malware classification, is yet to be found. Fortunately, neural networks have evolved to the state that they can surpass the limitations of other methods in terms of hierarchical feature extraction. Consequently, neural networks can now offer superior classification accuracy in many domains such as computer vision and natural language processing. In this paper, we transfer the performance improvements achieved in the area of neural networks to model the execution sequences of disassembled malicious binaries. We implement a neural network that consists of convolutional and feedforward neural constructs. This architecture embodies a hierarchical feature extraction approach that combines convolution of n-grams of instructions with plain vectorization of features derived from the headers of the Portable Executable (PE) files. Our evaluation results demonstrate that our approach outperforms baseline methods, such as simple Feedforward Neural Networks and Support Vector Machines, as we achieve 93% on precision and recall, even in case of obfuscations in the data

Integrity verification and behavioral classification of a large dataset applications pertaining smart OS

© 2020 John Wiley & Sons, Ltd Malware analysis and detection over the Android have been the focus of considerable research, during recent years, as customer adoption of Android attracted a corresponding number of malware writers. Antivirus companies commonly rely on signatures and are error-prone. Traditional machine learning techniques are based on static, dynamic, and hybrid analysis; however, for large scale Android malware analysis, these approaches are not feasible. Deep neural architectures are able to analyze large scale static details of the applications, but static analysis techniques can ignore many malicious behaviors of applications. The study contributes to the documentation of various approaches for detection of malware, traditional and state-of-the-art models, developed for analysis that facilitates the provision of basic insights for researchers working in malware analysis, and the study also provides a dynamic approach that employs deep neural network models for detection of malware. Moreover, the study uses Android permissions as a parameter to measure the dynamic behavior of around 16,900 benign and intruded applications. A dataset is created which encompasses a large set of permissions-based dynamic behavior pertaining applications, with an aim to train deep learning models for prediction of behavior. The proposed architecture extracts representations from input sequence data with no human intervention. The state-of-the-art Deep Convolutional Generative Adversarial Network extracted deep features and accomplished a general validation accuracy of 97.08% with an F1-score of 0.973 in correctly classifying input. Furthermore, the concept of blockchain is utilized to preserve the integrity of the dataset and the results of the analysis