An Intelligent Multi-Agent Based Detection Framework for Classification of Android Malware

Android is currently the most popular operating system for smartphone devices, with over 900 million installations by 2013. It is also the most vulnerable platform because it allows software downloads from third-party sites, permits loading additional code at runtime, and lacks frequent updates for known vulnerabilities. Securing such devices from malware that targets users is paramount. In this paper, we present a JADE agent-based framework targeted towards protecting Android devices. We also focus on usage scenarios in which such agents can be dynamically launched. We believe a detection technique has to be intelligent because of the battery constraints of these devices. Moreover, battery utilization might become secondary in certain settings where detection accuracy is given higher preference. In this framework, the expensive analysis components utilizing machine-learning algorithms are pushed to the server side, while agents on the Android client are used mainly for intelligent feature gathering.
