Evaluating Convolutional Neural Network for Effective Mobile Malware Detection
Marulli F.
Methodology
2017
Abstract
In recent years, smartphones and tablets have been handling an increasing variety of sensitive resources. These devices store a plethora of information related to our everyday life, from the contact list and received email to our position during the day (the device's geolocation can be discovered not only through the GPS chipset, which can be disabled, but also through the Wi-Fi/mobile connection). This is why mobile attackers are producing a large number of malicious applications targeting Android (the most widespread mobile operating system), often by modifying existing applications. As a result, malware is organized in families, where each application belonging to the same family exhibits the same malicious behaviour. These behaviours are typically related to information gathering: for instance, a very widespread malicious behaviour on mobile devices is sending personal information (for example the contact list, the received and sent SMSs, and the browser history) to a remote server managed by the attackers. In this paper, we investigate whether deep learning algorithms are able to discriminate between malicious and legitimate Android samples. To this end, we designed a method based on a convolutional neural network applied to syscall occurrences obtained through dynamic analysis. To test the effectiveness of the proposed method, we experimentally evaluated the built deep learning classifiers on a recent dataset composed of 7100 real-world applications, more than 3000 of which are widespread malware belonging to several different families, obtaining encouraging results. (C) 2017 The Authors. Published by Elsevier B.V.