An adaptive framework against android privilege escalation threats using deep learning and semi-supervised approaches

Abstract The immense popularity of Android makes it a primary target of malicious attackers and developers which brings a significant threat from malicious applications for android users through the escalation of the abuse of android permissions and inter-component communication (ICC) mechanism. Therefore, protecting android users from malicious developers and applications is crucial for Android market and communities. As malicious applications can hide their malicious behavior and change the behaviors frequently by abusing the android’s ICC mechanism and related vulnerabilities, it is a challenging task to identify them accurately before it becomes a prevalent reason for users’ privacy and data breach. Therefore, it is essential to develop such a malware detection engine that will ensure zero-day detection. In this research, we propose an adaptive framework which can learn the behavior of malware from the usage of permissions and their escalations. For our adaptive framework, we proposed two different detection models using deep learning and semi-supervised approaches. The proposed detection models can extract knowledge from unlabeled apps to identify the new malicious behavior using the unsupervised training nature of deep learning and clustering techniques and their integration to the supervised detection engine. Thus, our adaptive framework learns about new malicious apps and their behavior without supervised labeling by manual expert and can ensure zero-day protection. The proposed detection models have been tested on a real mobile malware test-bed and data set. The Experimental results show that the deep learning and semi-supervised based models achieve 99.024% of accuracies, more effective for zero-day protection and outperform other existing supervised detection engines.

[1]  Jignesh M. Patel,et al.  Estimating the selectivity of tf-idf based cosine similarity predicates , 2007, SGMD.

[2]  Jiaul H. Paik A novel TF-IDF weighting scheme for effective ranking , 2013, SIGIR.

[3]  Xiaolei Wang,et al.  A Novel Android Malware Detection Approach Based on Convolutional Neural Network , 2018, ICCSP.

[4]  Sakshi Babbar,et al.  Research Trends in Malware Detection on Android Devices , 2017 .

[5]  Ing-Ray Chen,et al.  Behavior Rule Specification-Based Intrusion Detection for Safety Critical Medical Cyber Physical Systems , 2015, IEEE Transactions on Dependable and Secure Computing.

[6]  Zhenlong Yuan,et al.  Droid-Sec: deep learning in android malware detection , 2015, SIGCOMM 2015.

[7]  Sheng-De Wang,et al.  Machine Learning Based Hybrid Behavior Models for Android Malware Analysis , 2015, 2015 IEEE International Conference on Software Quality, Reliability and Security.

[8]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[9]  Nello Cristianini,et al.  An Introduction to Support Vector Machines and Other Kernel-based Learning Methods , 2000 .

[10]  Jacques Klein,et al.  AndroZoo: Collecting Millions of Android Apps for the Research Community , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).

[11]  Cengiz Acartürk,et al.  The analysis of feature selection methods and classification algorithms in permission based Android malware detection , 2014, 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[12]  Shengwei Tian,et al.  Deep Learning in Drebin: Android malware Image Texture Median Filter Analysis and Detection , 2019, KSII Transactions on Internet and Information Systems.

[13]  Kuan-Ching Li,et al.  A novel approach for mobile malware classification and detection in Android systems , 2018, Multimedia Tools and Applications.

[14]  Hahn-Ming Lee,et al.  DroidMat: Android Malware Detection through Manifest and API Calls Tracing , 2012, 2012 Seventh Asia Joint Conference on Information Security.

[15]  Witawas Srisa-an,et al.  Significant Permission Identification for Machine-Learning-Based Android Malware Detection , 2018, IEEE Transactions on Industrial Informatics.

[16]  Geoffrey E. Hinton,et al.  Deep Learning , 2015, Nature.

[17]  Abdelouahid Derhab,et al.  MalDozer: Automatic framework for android malware detection using deep learning , 2018, Digit. Investig..

[18]  Wei Wang,et al.  Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network , 2018, Journal of Ambient Intelligence and Humanized Computing.

[19]  Eul Gyu Im,et al.  A Multimodal Deep Learning Method for Android Malware Detection Using Various Features , 2019, IEEE Transactions on Information Forensics and Security.

[20]  Ninghui Li,et al.  Using probabilistic generative models for ranking risks of Android apps , 2012, CCS.

[21]  Anshul Arora,et al.  Hybrid Android Malware Detection by Combining Supervised and Unsupervised Learning , 2018, MobiCom.

[22]  Charles A. Bouman,et al.  CLUSTER: An Unsupervised Algorithm for Modeling Gaussian Mixtures , 2014 .

[23]  Andrew P. Bradley,et al.  The use of the area under the ROC curve in the evaluation of machine learning algorithms , 1997, Pattern Recognit..

[24]  Gianluca Dini,et al.  MADAM: A Multi-level Anomaly Detector for Android Malware , 2012, MMM-ACNS.

[25]  Witold R. Rudnicki,et al.  Feature Selection with the Boruta Package , 2010 .

[26]  Yibo Xue,et al.  Fine-grained Android Malware Detection based on Deep Learning , 2018, 2018 IEEE Conference on Communications and Network Security (CNS).

[27]  Sotiris B. Kotsiantis,et al.  Supervised Machine Learning: A Review of Classification Techniques , 2007, Informatica.

[28]  Ke Xu,et al.  ICCDetector: ICC-Based Malware Detection on Android , 2016, IEEE Transactions on Information Forensics and Security.

[29]  Zhenlong Yuan,et al.  DroidDetector: Android Malware Characterization and Detection Using Deep Learning , 2016 .

[30]  Sakir Sezer,et al.  Android Malware Detection Using Parallel Machine Learning Classifiers , 2014, 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies.

[31]  Adam Doupé,et al.  Deep Android Malware Detection , 2017, CODASPY.

[32]  Ping Yan,et al.  A survey on dynamic mobile malware detection , 2017, Software Quality Journal.

[33]  Ajay Rana,et al.  K-means with Three different Distance Metrics , 2013 .

[34]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[35]  Michal Szczepanik,et al.  Malware Detection Using Machine Learning Algorithms and Reverse Engineering of Android Java Code , 2019, International Journal of Network Security & Its Applications.

[36]  Xing Chen,et al.  DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model , 2018, Neurocomputing.

[37]  Zhihua Wang,et al.  FgDetector: Fine-Grained Android Malware Detection , 2017, 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC).

[38]  Robertas Damaševičius,et al.  Android Malware Detection: A Survey , 2018, ICAI.

[39]  Jiqiang Liu,et al.  A Two-Layered Permission-Based Android Malware Detection Scheme , 2014, 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering.

[40]  Sakir Sezer,et al.  High accuracy android malware detection using ensemble learning , 2015, IET Inf. Secur..