An Artificial Arms Race: Could it Improve Mobile Malware Detectors?

On the Internet today, mobile malware is one of the most common attack methods. These attacks are usually carried out via malicious mobile apps. One technique used to combat this threat is the deployment of mobile malware detectors. As mobile threats evolve, designing and developing mobile malware detectors remains a challenging task. In this paper, we aim to explore whether creating an artificial arms race between mobile malware and detectors could improve the ability of the detector to adapt to the evolving threats. To better model this interaction, we present a co-evolution of both sides of the arms race using genetic algorithms. The experimental evaluations on publicly available malicious and non-malicious mobile apps and their variants generated by the artificial arms race show that this approach improves the detector's understanding of the problem.
