DexBERT: Effective, Task-Agnostic and Fine-Grained Representation Learning of Android Bytecode

被引:1
作者
Sun T. [1 ]
Allix K. [1 ]
Kim K. [2 ]
Zhou X. [2 ]
Kim D. [3 ]
Lo D. [2 ]
Bissyande T.F. [1 ]
Klein J. [1 ]
机构
[1] University of Luxembourg, Kirchberg
[2] Singapore Management University
[3] Kyungpook National University, Daegu
来源
IEEE Transactions on Software Engineering | 2023年 / 49卷 / 10期
关键词
Android app analysis; code representation; defect prediction; malicious code localization; Representation learning;
D O I
10.1109/TSE.2023.3310874
中图分类号
学科分类号
摘要
The automation of an increasingly large number of software engineering tasks is becoming possible thanks to Machine Learning (ML). One foundational building block in the application of ML to software artifacts is the representation of these artifacts (e.g., source code or executable code) into a form that is suitable for learning. Traditionally, researchers and practitioners have relied on manually selected features, based on expert knowledge, for the task at hand. Such knowledge is sometimes imprecise and generally incomplete. To overcome this limitation, many studies have leveraged representation learning, delegating to ML itself the job of automatically devising suitable representations and selections of the most relevant features. Yet, in the context of Android problems, existing models are either limited to coarse-grained whole-app level (e.g., apk2vec) or conducted for one specific downstream task (e.g., smali2vec). Thus, the produced representation may turn out to be unsuitable for fine-grained tasks or cannot generalize beyond the task that they have been trained on. Our work is part of a new line of research that investigates effective, task-agnostic, and fine-grained universal representations of bytecode to mitigate both of these two limitations. Such representations aim to capture information relevant to various low-level downstream tasks (e.g., at the class-level). We are inspired by the field of Natural Language Processing, where the problem of universal representation was addressed by building Universal Language Models, such as BERT, whose goal is to capture abstract semantic information about sentences, in a way that is reusable for a variety of tasks. We propose DexBERT, a BERT-like Language Model dedicated to representing chunks of DEX bytecode, the main binary format used in Android applications. We empirically assess whether DexBERT is able to model the DEX language and evaluate the suitability of our model in three distinct class-level software engineering tasks: Malicious Code Localization, Defect Prediction, and Component Type Classification. We also experiment with strategies to deal with the problem of catering to apps having vastly different sizes, and we demonstrate one example of using our technique to investigate what information is relevant to a given task. © 1976-2012 IEEE.
引用
收藏
页码:4691 / 4706
页数:15
相关论文
共 93 条
  • [1] Devlin J., Chang M., Lee K., Toutanova K., BERT: Pre-training of deep bidirectional transformers for language understanding, (2018)
  • [2] Alon U., Zilberstein M., Levy O., Yahav E., code2vec: Learning distributed representations of code, Proc. ACM Program. Lang., 3, pp. 1-29, (2019)
  • [3] Mani S., Sankaran A., Aralikatte R., DeepTriage: Exploring the effectiveness of deep learning for bug triaging, Proc. ACM India Joint Int. Conf. Data Sci. Manage. Data, pp. 171-179, (2019)
  • [4] Kang H.J., Bissyande T.F., Lo D., Assessing the generalizability of code2vec token embeddings, Proc. 34th IEEE/ACM Int. Conf. Autom. Softw. Eng. (ASE), pp. 1-12, (2019)
  • [5] Canfora G., Medvet E., Mercaldo F., Visaggio C.A., Detecting Android malware using sequences of system calls, Proc. 3rd Int. Workshop Softw. Develop. Lifecycle Mob., pp. 13-20, (2015)
  • [6] Hou S., Saas A., Ye Y., Chen L., DroidDelver: An android malware detection system using deep belief network based on API call blocks, Int. Conf. Web-Age Inf. Manag., pp. 54-66, (2016)
  • [7] Singh L., Hofmann M., Dynamic behavior analysis of android applications for malware detection, Proc. Int. Conf. Intell. Commun. Comput. Techn. (ICCT)., pp. 1-7, (2017)
  • [8] Xiao X., Wang Z., Li Q., Xia S., Jiang Y., Back-propagation neural network on Markov chains from system call sequences: A new approach for detecting Android malware with system call sequences, IET Inf. Secur., 11, 1, pp. 8-15, (2017)
  • [9] Xiao X., Xiao X., Jiang Y., Liu X., Ye R., Identifying Android malware with system call co-occurrence matrices, Trans. Emerg. Telecommun. Technol., 27, 5, pp. 675-684, (2016)
  • [10] Xu Z., Ren K., Qin S., Craciun F., CDGDroid: Android malware detection based on deep learning using CFG and DFG, Int. Conf. Formal Eng. Methods., pp. 177-193, (2018)
12345678910