DRo: A data-scarce mechanism to revolutionize the performance of Deep Learning based Security Systems

TL;DR

DRo introduces a novel data augmentation mechanism leveraging deep clustering and self-augmentation to significantly improve deep learning security systems in data-scarce environments, demonstrated by enhanced malware detection accuracy.

Contribution

The paper presents DRo, a new mechanism that enhances deep learning performance in data-scarce security domains through synthetic data generation and self-augmented training.

Findings

Reduces false alarms by 67.9% in malware detection

Boosts classifier accuracy by 11.3%

Effective with limited feature information

Abstract

Supervised Deep Learning requires plenty of labeled data to converge, and hence perform optimally for task-specific learning. Therefore, we propose a novel mechanism named DRo (for Deep Routing) for data-scarce domains like security. The DRo approach builds upon some of the recent developments in Deep-Clustering. In particular, it exploits the self-augmented training mechanism using synthetically generated local perturbations. DRo not only allays the challenges with sparse-labeled data but also offers many unique advantages. We also developed a system named DRoID that uses the DRo mechanism for enhancing the performance of an existing Malware Detection System that uses (low information features like the) Android implicit Intent(s) as the only features. We conduct experiments on DRoID using a popular and standardized Android malware dataset and found that the DRo mechanism could successfully reduce the false-alarms generated by the downstream classifier by 67.9%, and also simultaneously boosts its accuracy by 11.3%. This is significant not only because the gains achieved are unparalleled but also because the features used were never considered rich enough to train a classifier on; and hence no decent performance could ever be reported by any malware classification system till-date using these features in isolation. Owing to the results achieved, the DRo mechanism claims a dominant position amongst all known systems that aims to enhance the classification performance of deep learning models with sparse-labeled data.