Evaluating Convolutional Neural Network for Effective Mobile Malware Detection

In recent years, smartphones and tablets have been handling an increasing variety of sensitive resources. These devices store a plethora of information related to our everyday life, from the contact list and received email to our position during the day (the device's geolocation can be discovered not only through the GPS chipset, which can be disabled, but also through the Wi-Fi/mobile connection). This is why mobile attackers are producing a large number of malicious applications targeting Android (the most widespread mobile operating system), often by modifying existing applications. As a result, malware is organized in families, where each application belonging to the same family exhibits the same malicious behaviour. These behaviours are typically related to information gathering: for instance, a very widespread malicious behaviour on mobile devices is sending personal information (for example, the contact list, received and sent SMS messages, and the browser history) to a remote server managed by the attackers.

In this paper, we investigate whether deep learning algorithms are able to discriminate between malicious and legitimate Android samples. To this end, we designed a method based on a convolutional neural network applied to syscall occurrences obtained through dynamic analysis. To test the effectiveness of the proposed method, we experimentally evaluated the resulting deep learning classifiers on a recent dataset composed of 7100 real-world applications, more than 3000 of which are widespread malware belonging to several different families, obtaining encouraging results.
