Top

Published in:

2017 | OriginalPaper | Chapter

IntelliAV: Toward the Feasibility of Building Intelligent Anti-malware on Android Devices

Authors : Mansour Ahmadi, Angelo Sotgiu, Giorgio Giacinto

Published in: Machine Learning and Knowledge Extraction

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Android is targeted the most by malware coders as the number of Android users is increasing. Although there are many Android anti-malware solutions available in the market, almost all of them are based on malware signatures, and more advanced solutions based on machine learning techniques are not deemed to be practical for the limited computational resources of mobile devices. In this paper we aim to show not only that the computational resources of consumer mobile devices allow deploying an efficient anti-malware solution based on machine learning techniques, but also that such a tool provides an effective defense against novel malware, for which signatures are not yet available. To this end, we first propose the extraction of a set of lightweight yet effective features from Android applications. Then, we embed these features in a vector space, and use a pre-trained machine learning model on the device for detecting malicious applications. We show that without resorting to any signatures, and relying only on a training phase involving a reasonable set of samples, the proposed system outperforms many commercial anti-malware products, as well as providing slightly better performances than the most effective commercial products.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Practical Estimation of Mutual Information on Non-Euclidean Spaces

next chapter DO NOT DISTURB? Classifier Behavior on Perturbed Datasets

http://www.intelliav.com.

http://www.androidrank.org/.

Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: mining API-level features for robust malware detection in android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICSSITE, vol. 127, pp. 86–103. Springer, Cham (2013). doi:10.1007/978-3-319-04283-1_6 CrossRef

Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., Devin, M., Ghemawat, S., Irving, G., Isard, M., Kudlur, M., Levenberg, J., Monga, R., Moore, S., Murray, D.G., Steiner, B., Tucker, P., Vasudevan, V., Warden, P., Wicke, M., Yu, Y., Zheng, X.: Tensorflow: a system for large-scale machine learning. In: OSDI, pp. 265–283. USENIX Association (2016)

Ahmadi, M., Biggio, B., Arzt, S., Ariu, D., Giacinto, G.: Detecting misuse of google cloud messaging in android badware. In: SPSM, pp. 103–112 (2016)

Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov, M., Giacinto, G.: Novel feature extraction, selection and fusion for effective malware family classification. In: CODASPY, pp. 183–194 (2016)

Amos, B., Turner, H., White, J.: Applying machine learning classifiers to dynamic android malware detection at scale. In: 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1666–1671, July 2013

Andronio, N., Zanero, S., Maggi, F.: HelDroid: dissecting and detecting mobile ransomware. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 382–404. Springer, Cham (2015). doi:10.1007/978-3-319-26362-5_18 CrossRef

Aresu, M., Ariu, D., Ahmadi, M., Maiorca, D., Giacinto, G.: Clustering android malware families by http traffic. In: MALWARE, pp. 128–135 (2015)

Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K.: Drebin: effective and explainable detection of android malware in your pocket. In: NDSS (2014)

Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2014, NY, USA, pp. 259–269. ACM, New York (2014)

10.

AV-TEST: Security report 2015/16 (2017). https://goo.gl/FepOGQ

11.

Avdiienko, V., Kuznetsov, K., Gorla, A., Zeller, A., Arzt, S., Rasthofer, S., Bodden, E.: Mining apps for abnormal usage of sensitive data. In: ICSE, pp. 426–436 (2015)

12.

Biggio, B., Corona, I., Maiorca, D., Nelson, B., Šrndić, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time, pp. 387–402 (2013)

13.

Bishop, C.: Pattern Recognition and Machine Learning. Information Science and Statistics, 1st edn. Springer, New York (2006)MATH

14.

Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefMATH

15.

Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: behavior-based malware detection system for android. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2011, NY, USA, pp. 15–26. ACM, New York (2011)

16.

Colthurst, T., Sculley, D., Hendry, G., Nado, Z.: Tensorforest: scalable random forests on tensorflow. In: Machine Learning Systems Workshop at NIPS (2016)

17.

Dash, S.K., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., Cavallaro, L.: Droidscribe: classifying android malware based on runtime behavior. In: 2016 IEEE Security and Privacy Workshops (SPW), pp. 252–261, May 2016

18.

eweek: symantec adds deep learning to anti-malware tools to detect zero-days, January 2016. http://www.eweek.com/security/symantec-adds-deep-learning-to-anti-malware-tools-to-detect

19.

Fernández-Delgado, M., Cernadas, E., Barro, S., Amorim, D.: Do we need hundreds of classifiers to solve real world classification problems? J. Mach. Learn. Res. 15(1), 3133–3181 (2014)MathSciNetMATH

20.

Fortinet: Android locker malware uses google cloud messaging service, January 2017. https://blog.fortinet.com/2017/01/16/android-locker-malware-uses-google-cloud-messaging-service

21.

Fortinet: deep analysis of android rootnik malware using advanced anti-debug and anti-hook, January 2017. https://goo.gl/dq5w8R

22.

Fortinet: teardown of a recent variant of android/ztorg (part 1), March 2017. https://blog.fortinet.com/2017/03/15/teardown-of-a-recent-variant-of-android-ztorg-part-1

23.

Fortinet: teardown of android/ztorg (part 2), March 2017. http://blog.fortinet.com/2017/03/08/teardown-of-android-ztorg-part-2

24.

Google: An investigation of chrysaor malware on android, April 2017. https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html

25.

IDC: smartphone OS market share, q2 2016 (2016). http://www.idc.com/promo/smartphone-market-share/os

26.

Islam, N., Das, S., Chen, Y.: On-device mobile phone security exploits machine learning. IEEE Pervasive Comput. 16(2), 92–96 (2017)CrossRef

27.

Lookout: pegasus for android, April 2017. https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf

28.

Maiorca, D., Mercaldo, F., Giacinto, G., Visaggio, A., Martinelli, F.: R-packdroid: API package-based characterization and detection of mobile ransomware. In: ACM Symposium on Applied Computing (2017)

29.

Mariconti, E., Onwuzurike, L., Andriotis, P., De Cristofaro, E., Ross, G., Stringhini, G.: MaMaDroid: detecting android malware by building markov chains of behavioral models. In: ISOC Network and Distributed Systems Security Symposiym (NDSS), San Diego, CA (2017)

30.

McAfee: mobile threat report (2016). https://www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2016.pdf

31.

Check point: charger malware calls and raises the risk on google play. http://blog.checkpoint.com/2017/01/24/charger-malware/

32.

Check point: preinstalled malware targeting mobile users. http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

33.

Check point: whale of a tale: hummingbad returns. http://blog.checkpoint.com/2017/01/23/hummingbad-returns/

34.

Sadeghi, A., Bagheri, H., Garcia, J., Malek, S.: A taxonomy and qualitative comparison of program analysis techniques for security assessment of android software. IEEE Trans. Softw. Eng. PP(99), 1 (2016)

35.

f secure: mobile threat report q1 2014 (2014). https://www.f-secure.com/documents/996508/1030743/Mobile_Threat_Report_Q1_2014.pdf

36.

Suarez-Tangil, G., Dash, S.K., Ahmadi, M., Kinder, J., Giacinto, G., Cavallaro, L.: Droidsieve: fast and accurate classification of obfuscated android malware. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (CODASPY 2017), pp. 309–320 (2017)

37.

Taylor, V.F., Martinovic, I.: Securank: starving permission-hungry apps using contextual permission analysis. In: Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2016), NY, USA, pp. 43–52. ACM, New York (2016)

38.

Trustlook: trustlook AI, March 2017. https://www.trustlook.com/

39.

VirusTotal: virustotal blog, March 2017. http://blog.virustotal.com/2017_03_01_archive.html

40.

Xia, M., Gong, L., Lyu, Y., Qi, Z., Liu, X.: Effective real-time android application auditing. In: IEEE Symposium on Security and Privacy, pp. 899–914. IEEE Computer Society (2015)

41.

Yang, C., Xu, Z., Gu, G., Yegneswaran, V., Porras, P.: DroidMiner: automated mining and characterization of fine-grained malicious behaviors in android applications. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 163–182. Springer, Cham (2014). doi:10.1007/978-3-319-11203-9_10

42.

Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: CCS, New York, NY, USA, pp. 1105–1116 (2014)

Title: IntelliAV: Toward the Feasibility of Building Intelligent Anti-malware on Android Devices
Authors: Mansour Ahmadi
Angelo Sotgiu
Giorgio Giacinto
Publisher: Springer International Publishing
Book: Machine Learning and Knowledge Extraction
Print ISBN: 978-3-319-66807-9

Electronic ISBN: 978-3-319-66808-6

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-66808-6_10

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner