Mobile App and Malware Classifications by Mobile Usage with Time Dynamics

Smartphones have become a popular target for cyberattacks, and malware can be embedded in mobile applications. Several techniques have been proposed to alleviate these problems. However, these solutions may rely on experiments with simulated data, may require root system privileges, or may not take advantage of discovered patterns to build more effective malware detection methods. In this paper, we use the SherLock data, a labeled smartphone dataset that captures ongoing attacks within the low-privileged monitorable features. We analyze the usage behaviors, discover temporal and usage patterns, and examine multiple classification techniques to predict the type and the running state (i.e., benign or malicious) of mobile apps using different combinations of feature sets. Our experiments identified the best feature sets and methods for detecting malware, and we demonstrate the usefulness of temporal information in the predictive analysis.
