Reliable Hierarchical Detection of Android Malware Based on CNN Architectures

  • Jhonatan Geremias PUCPR
  • Eduardo K. Viegas PUCPR
  • Altair O. Santin PUCPR
  • Pedro Horchulhack PUCPR
  • Alceu de S. Britto PUCPR

Abstract


In this paper, we propose a reliable method for hierarchical detection of Android malware using CNNs. The method has two stages: hierarchical classification of malware applications, and selection of highly reliable applications using rejection. Experiments on a new dataset with more than 26 thousand Android applications, divided into 29 malware families, showed that a CNN for malware detection is unable to provide high detection precision. In contrast, the proposed model detects malware in applications reliably, improving TN rates by up to 5.5% and the average TP rate of malware families on accepted applications by up to 12.7%, while rejecting only 10% of Android applications.

Published
16/09/2024
GEREMIAS, Jhonatan; VIEGAS, Eduardo K.; SANTIN, Altair O.; HORCHULHACK, Pedro; BRITTO, Alceu de S. Detecção Hierárquica Confiável de Malware de Android Baseado em Arquiteturas CNN. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 197-209. DOI: https://doi.org/10.5753/sbseg.2024.241490.
