DeepTrust: Robust Multi-Step Classification with Divergent Learned Representation Models for Android Malware Detection


Bibliographic details
Author: Pulido Cortázar, Daniel
Format: master's thesis
Publication date: 2025
Country: Spain
Resources: Universitat Politècnica de Catalunya (UPC)
Repository: UPCommons. Portal del coneixement obert de la UPC
Language: English
OAI Identifier: oai:upcommons.upc.edu:2117/441718
Online access: https://hdl.handle.net/2117/441718
Access level: open access
Keywords: Machine learning
Deep learning
Malware (Computer software)
Adversarial machine learning
Malware detection
Android
Representation learning
UPC subject areas::Informatics::Artificial intelligence::Machine learning
Description
Abstract: This research presents DeepTrust, a novel metaheuristic that arranges flexible classifiers, like deep neural networks, into an ordered sequence where the final decision is made by a single internal model based on a step-forward criterion. DeepTrust earns the gold medal and achieves state-of-the-art results, outperforming the next-best competitor by up to 266% under feature-space evasion attacks, in the Robust Android Malware Detection competition hosted by the IEEE SaTML 2025 conference. This is accomplished while maintaining the highest detection rate on non-adversarial malware and a false positive rate under 1%. The method's efficacy stems from maximizing the divergence of the learned representations among the internal models. By using classifiers with fundamentally dissimilar data embeddings, the decision space becomes unpredictable for an attacker. This frustrates the iterative perturbation process inherent to evasion attacks, enhancing system robustness without compromising accuracy on clean examples.