MalAware: Effective and Efficient Run-Time Mobile Malware Detector

Effective detection of malware is of paramount importance for securing the next generation of smart devices. Static detection, the preferred technique used so far, is not sufficiently powerful to defeat state-of-the-art malware, and will be even less effective in the near future. Dynamic malware detection guarantees better protection since it operates at run-time and can also identify unknown malware; however, the computational resources it requires are usually not affordable for battery-operated devices. We propose MalAware, an effective, fast, and lightweight dynamic detection method. We identify malware by applying linear-complexity classification algorithms to seven discriminating features, and we improve the reliability of our detection using an efficient sliding-window mechanism. Our results, based on testing of about 2000 Android applications, demonstrate the timeliness and the effectiveness of detection in our approach: malware is detected within the first three minutes of execution with an F-measure of 0.85.
