Towards Robust Real-Time Hardware-based Mobile Malware Detection using Multiple Instance Learning Formulation

• URL: http://arxiv.org/abs/2404.13125v1
• Date: Fri, 19 Apr 2024 18:28:38 GMT
• Title: Towards Robust Real-Time Hardware-based Mobile Malware Detection using Multiple Instance Learning Formulation
• Authors: Harshit Kumar, Sudarshan Sharma, Biswadeep Chakraborty, Saibal Mukhopadhyay,
• Abstract summary: This study introduces RT-HMD, a Hardware-based Malware Detector (HMD) for mobile devices. We address the mislabeling issue in real-time HMDs, where benign segments in malware time-series incorrectly inherit malware labels.
• Score: 16.647167616059594
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: This study introduces RT-HMD, a Hardware-based Malware Detector (HMD) for mobile devices, that refines malware representation in segmented time-series through a Multiple Instance Learning (MIL) approach. We address the mislabeling issue in real-time HMDs, where benign segments in malware time-series incorrectly inherit malware labels, leading to increased false positives. Utilizing the proposed Malicious Discriminative Score within the MIL framework, RT-HMD effectively identifies localized malware behaviors, thereby improving the predictive accuracy. Empirical analysis, using a hardware telemetry dataset collected from a mobile platform across 723 benign and 1033 malware samples, shows a 5% precision boost while maintaining recall, outperforming baselines affected by mislabeled benign segments.

Related papers

• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• Small Effect Sizes in Malware Detection? Make Harder Train/Test Splits! [51.668411293817464]
  Industry practitioners care about small improvements in malware detection accuracy because their models are deployed to hundreds of millions of machines. Academic research is often restrained to public datasets on the order of ten thousand samples. We devise an approach to generate a benchmark of difficulty from a pool of available samples.
  arXiv  Detail & Related papers  (2023-12-25T21:25:55Z)
• Discovering Malicious Signatures in Software from Structural Interactions [7.06449725392051]
  We propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution.
  arXiv  Detail & Related papers  (2023-12-19T23:42:20Z)
• Android Malware Detection with Unbiased Confidence Guarantees [1.6432632226868131]
  We propose a machine learning dynamic analysis approach that provides provably valid confidence guarantees in each malware detection. The proposed approach is based on a novel machine learning framework, called Conformal Prediction, combined with a random forests classifier. We examine its performance on a large-scale dataset collected by installing 1866 malicious and 4816 benign applications on a real android device.
  arXiv  Detail & Related papers  (2023-12-17T11:07:31Z)
• Can Feature Engineering Help Quantum Machine Learning for Malware Detection? [7.010669841466896]
  We propose a hybrid framework of theoretical Quantum ML to address this problem. VQC with XGBoost selected features can get a 78.91% test accuracy on the simulator. The average accuracy for the model trained using the features selected with XGBoost was 74%.
  arXiv  Detail & Related papers  (2023-05-03T19:33:49Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Sequential Embedding-based Attentive (SEA) classifier for malware classification [1.290382979353427]
  We come up with a solution for malware detection using state-of-the-art natural language processing (NLP) techniques. Our proposed model is tested on the benchmark data set with an accuracy and log loss score of 99.13 percent and 0.04 respectively.
  arXiv  Detail & Related papers  (2023-02-11T15:48:16Z)
• Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors [63.75363908696257]
  We analyze 10 influential research works on Android malware detection using a common evaluation framework. We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models. We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
  arXiv  Detail & Related papers  (2022-05-25T08:28:08Z)
• Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv  Detail & Related papers  (2021-11-19T08:02:38Z)
• ML-based IoT Malware Detection Under Adversarial Settings: A Systematic Evaluation [9.143713488498513]
  This work systematically examines the state-of-the-art malware detection approaches, that utilize various representation and learning techniques. We show that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors.
  arXiv  Detail & Related papers  (2021-08-30T16:54:07Z)
• Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection [71.84087757644708]
  The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 scanners. There are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies. We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme.
  arXiv  Detail & Related papers  (2020-07-01T14:15:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.