Computational intelligence anti-malware framework for Android OS

It is a fact that more and more users are adopting online digital payment systems via mobile devices for everyday use. This attracts powerful gangs of cybercriminals, who use sophisticated and highly intelligent types of malware to broaden their attacks. Malicious software is designed to run quietly and to remain undetected for a long time. It manages to take full control of the device and to communicate (via the Tor network) with the command-and-control servers of the fast-flux botnets to which it belongs, in order to achieve the malicious objectives of the botmasters. This paper proposes the development of the computational intelligence anti-malware framework (CIantiMF), which is innovative, ultra-fast and has low resource requirements. It runs under the Android operating system (OS) and its reasoning is based on advanced computational intelligence approaches. Android was selected because of its popularity and the number of critical applications available for it. CIantiMF uses two advanced technology extensions for the ART Java virtual machine, which is the default in recent versions of Android. The first is the smart anti-malware extension, which can recognize whether the Java classes of an Android application are benign or malicious using a multi-layer perceptron optimized with the biogeography-based optimizer algorithm. The second is the Tor online traffic identification extension, which is capable of achieving malware localization, Tor traffic identification and botnet blocking, using the online sequential extreme learning machine algorithm.
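The abstract names the online sequential extreme learning machine (OS-ELM) as the learner behind the Tor traffic identification extension but does not show how it works. The following is an added illustration, not code from the paper or from CIantiMF: a pure-Python OS-ELM (random sigmoid hidden layer, recursive least-squares update of the output weights) trained chunk by chunk on constructed per-flow feature vectors. The three features, the cluster centres and the flow labels are assumptions made up for the example; they are not the paper's feature set. The demo also checks the defining property of OS-ELM, that sequential updates reproduce the batch ELM solution on the same data.

```python
import math
import random

# ---- minimal dense-matrix helpers (lists of lists), enough for OS-ELM ----
def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def transpose(A):
    return [list(col) for col in zip(*A)]

def identity(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]

def add(A, B):
    return [[a + b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def sub(A, B):
    return [[a - b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def inverse(A):
    """Gauss-Jordan inverse with partial pivoting (small matrices only)."""
    n = len(A)
    I = identity(n)
    M = [A[i][:] + I[i] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        piv = M[c][c]
        M[c] = [v / piv for v in M[c]]
        for r in range(n):
            if r != c and M[r][c] != 0.0:
                f = M[r][c]
                M[r] = [rv - f * cv for rv, cv in zip(M[r], M[c])]
    return [row[n:] for row in M]

class OSELM:
    """Online sequential ELM: fixed random hidden layer, output weights beta
    updated with the recursive least-squares formulas of Liang et al. (2006)."""
    def __init__(self, n_features, n_hidden, seed=0):
        rng = random.Random(seed)
        self.W = [[rng.uniform(-2, 2) for _ in range(n_features)] for _ in range(n_hidden)]
        self.b = [rng.uniform(-2, 2) for _ in range(n_hidden)]
        self.P = None      # running (H^T H)^-1
        self.beta = None   # output weights

    def hidden(self, X):
        # H[i][j] = sigmoid(w_j . x_i + b_j)
        return [[1.0 / (1.0 + math.exp(-(sum(w * x for w, x in zip(wj, xi)) + bj)))
                 for wj, bj in zip(self.W, self.b)] for xi in X]

    def fit_initial(self, X, T):
        # initial chunk must have at least n_hidden samples so H^T H is invertible
        H = self.hidden(X); Ht = transpose(H)
        self.P = inverse(matmul(Ht, H))
        self.beta = matmul(matmul(self.P, Ht), T)

    def fit_chunk(self, X, T):
        H = self.hidden(X); Ht = transpose(H)
        K = inverse(add(identity(len(H)), matmul(matmul(H, self.P), Ht)))  # (I + H P H^T)^-1
        self.P = sub(self.P, matmul(matmul(matmul(self.P, Ht), K), matmul(H, self.P)))
        resid = sub(T, matmul(H, self.beta))                                 # T - H beta
        self.beta = add(self.beta, matmul(matmul(self.P, Ht), resid))

    def predict(self, X):
        return [1 if o[0] >= 0.5 else 0 for o in matmul(self.hidden(X), self.beta)]

def make_flows(n_per_class, seed=1):
    """Constructed per-flow feature vectors (NOT real captures): three normalised
    statistics per flow. Label 1 = Tor-like, 0 = ordinary traffic (assumed)."""
    rng = random.Random(seed)
    X, y = [], []
    for label, centre in ((1, (0.8, 0.9, 0.2)), (0, (0.3, 0.1, 0.6))):
        for _ in range(n_per_class):
            X.append([min(1.0, max(0.0, c + rng.gauss(0, 0.08))) for c in centre])
            y.append(label)
    idx = list(range(len(X)))
    rng.shuffle(idx)  # mix both classes into every chunk
    return [X[i] for i in idx], [y[i] for i in idx]

def run_demo(n_hidden=6, init_size=20, chunk_size=10):
    X, y = make_flows(40)
    T = [[float(v)] for v in y]
    X_tr, T_tr, X_te, y_te = X[:60], T[:60], X[60:], y[60:]
    model = OSELM(3, n_hidden)
    model.fit_initial(X_tr[:init_size], T_tr[:init_size])
    for s in range(init_size, len(X_tr), chunk_size):       # arrive one chunk at a time
        model.fit_chunk(X_tr[s:s + chunk_size], T_tr[s:s + chunk_size])
    preds = model.predict(X_te)
    accuracy = sum(p == t for p, t in zip(preds, y_te)) / len(y_te)
    batch = OSELM(3, n_hidden)          # same random hidden layer, trained in one shot
    batch.fit_initial(X_tr, T_tr)
    scale = max(1.0, max(abs(b[0]) for b in batch.beta))
    rel_diff = max(abs(a[0] - b[0]) for a, b in zip(model.beta, batch.beta)) / scale
    return {"accuracy": accuracy, "rel_beta_diff": rel_diff}

if __name__ == "__main__":
    print(run_demo())
```

The sequential fit never revisits earlier chunks, which is what makes the method suitable for an on-device classifier that must keep learning from live flows without storing them; the relative difference between the sequential and batch output weights should be at floating-point noise level.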
