Disentangled Representation Learning in Heterogeneous Information Network for Large-scale Android Malware Detection in the COVID-19 Era and Beyond

Authors

  • Shifu Hou Case Western Reserve University
  • Yujie Fan Case Western Reserve University
  • Mingxuan Ju Case Western Reserve University
  • Yanfang Ye Case Western Reserve University
  • Wenqiang Wan Tencent Security Lab
  • Kui Wang Tencent Security Lab
  • Yinming Mei Tencent Security Lab
  • Qi Xiong Tencent Security Lab
  • Fudong Shao Tencent Security Lab

DOI:

https://doi.org/10.1609/aaai.v35i9.16947

Keywords:

Graph-based Machine Learning

Abstract

In the fight against the COVID-19 pandemic, many social activities have moved online; society's overwhelming reliance on the complex cyberspace makes its security more important than ever. In this paper, we propose and develop an intelligent system named Dr.HIN to protect users against the evolving Android malware attacks in the COVID-19 era and beyond. In Dr.HIN, besides app content, we propose to consider higher-level semantics and social relations among apps, developers and mobile devices to comprehensively depict Android apps; and then we introduce a structured heterogeneous information network (HIN) to model the complex relations and exploit meta-path guided strategy to learn node (i.e., app) representations from HIN. As the representations of malware could be highly entangled with benign apps in the complex ecosystem of development, it poses a new challenge of learning the latent explanatory factors hidden in the HIN embeddings to detect the evolving malware. To address this challenge, we propose to integrate domain priors generated from different views (i.e., app content, app authorship, app installation) to devise an adversarial disentangler to separate the distinct, informative factors of variations hidden in the HIN embeddings for large-scale Android malware detection. This is the first attempt of disentangled representation learning in HIN data. Promising experimental results based on the large-scale and real sample collections from security industry demonstrate the performance of Dr.HIN in evolving Android malware detection, by comparison with baselines and popular mobile security products.

Downloads

Published

2021-05-18

How to Cite

Hou, S., Fan, Y., Ju, M., Ye, Y., Wan, W., Wang, K., Mei, Y., Xiong, Q., & Shao, F. (2021). Disentangled Representation Learning in Heterogeneous Information Network for Large-scale Android Malware Detection in the COVID-19 Era and Beyond. Proceedings of the AAAI Conference on Artificial Intelligence, 35(9), 7754-7761. https://doi.org/10.1609/aaai.v35i9.16947

Issue

Section

AAAI Technical Track on Machine Learning II