Dynamic detection of mobile malware using smartphone data and machine
learning
- URL: http://arxiv.org/abs/2107.11167v1
- Date: Fri, 23 Jul 2021 12:33:14 GMT
- Authors: J.S. Panman de Wit, J. van der Ham, D. Bucur
- Abstract summary: Mobile malware are malicious programs that target mobile devices.
The number of active smartphone users is expected to grow, stressing the importance of research on the detection of mobile malware.
In this paper, we provide an overview of the performance of machine learning (ML) techniques to detect malware on Android, without using privileged access.
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Mobile malware are malicious programs that target mobile devices. They are an
increasing problem, as seen in the rise of detected mobile malware samples per
year. The number of active smartphone users is expected to grow, stressing the
importance of research on the detection of mobile malware. Detection methods
for mobile malware exist but are still limited.
In this paper, we provide an overview of the performance of machine learning
(ML) techniques to detect malware on Android, without using privileged access.
The ML-classifiers use device information such as the CPU usage, battery usage,
and memory usage for the detection of 10 subtypes of Mobile Trojans on the
Android Operating System (OS).
We use a real-life dataset containing device and malware data from 47 users
for a year (2016). We examine which features, i.e. aspects, of a device, are
most important to monitor to detect (subtypes of) Mobile Trojans. The focus of
this paper is on dynamic hardware features. Using these dynamic features we
apply state-of-the-art machine learning classifiers: Random Forest, K-Nearest
Neighbour, and AdaBoost. We show classification results on different feature
sets, making a distinction between global device features, and specific app
features. None of the measured feature sets require privileged access.
Our results show that the Random Forest classifier performs best as a general
malware classifier: across 10 subtypes of Mobile Trojans, it achieves an F1
score of 0.73 with a False Positive Rate (FPR) of 0.009 and a False Negative
Rate (FNR) of 0.380. The Random Forest, K-Nearest Neighbours, and AdaBoost
classifiers achieve F1 scores above 0.72, an FPR below 0.02, and an FNR below
0.33 when trained separately to detect each subtype of Mobile Trojans.
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
- Sequential Embedding-based Attentive (SEA) classifier for malware classification [1.290382979353427]
We come up with a solution for malware detection using state-of-the-art natural language processing (NLP) techniques.
Our proposed model is tested on the benchmark data set with an accuracy and log loss score of 99.13 percent and 0.04 respectively.
arXiv Detail & Related papers (2023-02-11T15:48:16Z)
- Continuous Learning for Android Malware Detection [15.818435778629635]
We propose a new hierarchical contrastive learning scheme, and a new sample selection technique to continuously train the Android malware classifier.
Our approach reduces the false negative rate from 14% (for the best baseline) to 9%, while also reducing the false positive rate (from 0.86% to 0.48%).
arXiv Detail & Related papers (2023-02-08T20:54:11Z)
- Fast & Furious: Modelling Malware Detection as Evolving Data Streams [6.6892028759947175]
Malware is a major threat to computer systems and imposes many challenges to cyber security.
In this work, we evaluate the impact of concept drift on malware classifiers for two Android datasets.
arXiv Detail & Related papers (2022-05-24T18:43:40Z)
- Mobile Behavioral Biometrics for Passive Authentication [65.94403066225384]
This work carries out a comparative analysis of unimodal and multimodal behavioral biometric traits.
Experiments are performed over HuMIdb, one of the largest and most comprehensive freely available mobile user interaction databases.
In our experiments, the most discriminative background sensor is the magnetometer, whereas among touch tasks the best results are achieved with keystroke.
arXiv Detail & Related papers (2022-03-14T17:05:59Z)
- Identification of Significant Permissions for Efficient Android Malware Detection [2.179313476241343]
One out of every five business/industry mobile applications leaks sensitive personal data.
Traditional signature/heuristic-based malware detection systems are unable to cope with current malware challenges.
We propose an efficient Android malware detection system using machine learning and deep neural network.
arXiv Detail & Related papers (2021-02-28T22:07:08Z)
- Moving Object Classification with a Sub-6 GHz Massive MIMO Array using Real Data [64.48836187884325]
Classification between different activities in an indoor environment using wireless signals is an emerging technology for various applications.
In this paper, we analyze classification of moving objects by employing machine learning on real data from a massive multi-input-multi-output (MIMO) system in an indoor environment.
arXiv Detail & Related papers (2021-02-09T15:48:35Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
- Less is More: A privacy-respecting Android malware classifier using Federated Learning [2.1301190271783312]
LiM is a malware classification framework that leverages Federated Learning to detect and classify malicious apps.
Information about newly installed apps is kept locally on users' devices, so that the provider cannot infer which apps were installed by users.
We show that LiM is robust against both poisoning attacks by adversaries who control half of the clients, and inference attacks performed by an honest-but-curious cloud server.
arXiv Detail & Related papers (2020-07-16T13:20:33Z)
- Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection [71.84087757644708]
The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 scanners.
There are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies.
We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme.
arXiv Detail & Related papers (2020-07-01T14:15:03Z)
- MobileDets: Searching for Object Detection Architectures for Mobile Accelerators [61.30355783955777]
Inverted bottleneck layers have been the predominant building blocks in state-of-the-art object detection models on mobile devices.
Regular convolutions are a potent component to boost the latency-accuracy trade-off for object detection on accelerators.
We obtain a family of object detection models, MobileDets, that achieve state-of-the-art results across mobile accelerators.
arXiv Detail & Related papers (2020-04-30T00:21:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.