A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices

Currently, Android malware detection is mostly performed on the server side to counter the increasing amount of malware. Powerful computing resources provide more exhaustive protection for app markets than detection maintained by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party sources continue to pose serious security threats to end-users. Meanwhile, downloading an app first and then uploading it to the server side for detection is time-consuming, because the network transmission incurs a lot of overhead. In addition, the uploading process is itself exposed to security threats from attackers. Consequently, a last line of defense on mobile devices is necessary and much needed. In this paper, we propose an effective Android malware detection system, MobiTive, leveraging customized deep neural networks to provide a real-time and responsive detection environment on mobile devices. MobiTive is a pre-installed solution rather than an app scanning and monitoring engine used after installation, which is more practical and secure. Although a deep learning-based approach can be maintained efficiently on the server side for malware detection, original deep learning models cannot be directly deployed and executed on mobile devices due to various performance limitations, such as computation power, memory size, and energy.
Therefore, we evaluate and investigate the following key points: (1) the performance of different feature extraction methods based on source code or binary code; (2) the performance of different feature type selections for deep learning on mobile devices; (3) the detection accuracy of different deep neural networks on mobile devices; (4) the real-time detection performance and accuracy on different mobile devices; and (5) the potential based on the evolution trend of mobile devices' specifications. Finally, we propose a practical solution (MobiTive) to detect Android malware on mobile devices.
