Enabling GPU-assisted Antivirus Protection on Android Devices through Edge Offloading

Antivirus software is the most popular tool for detecting and stopping malicious or unwanted files. However, the performance requirements of traditional host-based antivirus make its wide adoption on mobile, embedded, and hand-held devices questionable. Its computation- and memory-intensive characteristics, which are needed to cope with evolved and sophisticated malware, make deployment on mobile processors a hard task. Moreover, its increasing complexity may result in vulnerabilities that can be exploited by malware. In this paper, we first describe a GPU-based antivirus algorithm for Android devices. Then, due to the limited number of GPU-enabled Android devices, we present different architecture designs that exploit code offloading for running the antivirus on more powerful machines. This approach enables lower execution and memory overheads, better performance, and improved deployability and management. We evaluate the performance, scalability, and efficacy of the system in several different scenarios and setups. We show that the time to detect malware is 8.4 times lower than with the typical local execution approach.
