Author: Tony Thomas, Roopak Surendran, Teenu S. John
Publisher: CRC Press
Year: 2023
Pages: 191
Language: English
Format: pdf (true), epub (true)
Size: 14.7 MB
The popularity of Android phones has led cybercriminals to create ever more malware applications that carry out a range of malicious activities, and these attacks have shown how important it is to protect Android devices from malware. Intelligent Mobile Malware Detection teaches readers how to develop intelligent Android malware detection mechanisms using various graph and stochastic models. The book begins with an introduction to the Android operating system, followed by the limitations of state-of-the-art static malware detection mechanisms and a detailed presentation of a hybrid malware detection mechanism. It then presents four system call-based dynamic Android malware detection mechanisms that use graph centrality measures, graph signal processing and graph convolutional networks. Finally, it shows that most Android malware can be detected by checking for the presence of a unique short subsequence of system calls in the application's system call sequence. All the detection mechanisms presented are based on the authors' recent research. The experiments use recent Android malware samples collected from public repositories, and the source code is provided so that the mechanisms can be implemented easily. The book will be useful to Android malware researchers, developers, students and cyber security professionals who want to explore and build defenses against the ever-evolving Android malware.
Nowadays, smartphones are widely used for making phone calls, sending messages, storing personal data, browsing the Internet, online banking and more. This has made them targets for malware-based cyber-attacks: criminals spread malware to smartphones in order to steal money and the confidential data stored on the device. Malware families such as SMS trojans and banking trojans can cause users great financial loss: an SMS trojan sends messages to premium-rate numbers in the background, while a banking trojan steals the user's online banking credentials without the user's knowledge. Securing smartphones against malware attacks has therefore become essential.
With the widespread adoption of the Android operating system, the amount of malware targeting Android smartphones has risen several-fold; almost 98% of smartphone malware is designed for Android devices. Most existing anti-malware products still rely on static and signature-based detection mechanisms. Static analysis examines an application's code (for an Android app, typically the decompiled bytecode, manifest and resources of the APK rather than its source, which is normally unavailable) without executing it. Signature-based analysis compares the hash value of an application against a list of hashes of known malicious applications to decide whether it is one of them. Both can be evaded easily by code transformation attacks: obfuscation or repackaging changes the hash and the code patterns while leaving the behaviour intact. Hence novel detection mechanisms based on dynamic analysis are needed for accurate detection. Dynamic analysis uses runtime information such as system metrics, network-level information and system calls to detect the malicious behaviour of an application. A malicious application typically invokes sensitive APIs in an automated manner to perform privileged operations, and this automated invocation is reflected in the application's system call sequence. System calls are therefore considered one of the most effective features for capturing the malicious behaviour of an application.
Most existing system call-based malware detection mechanisms use either the frequencies of system calls or their co-occurrences in the system call sequence. Frequency-based mechanisms feed machine learning classifiers with the number of times each system call occurs in the whole sequence, treating each call as an independent feature; they ignore the relationships among the calls. Co-occurrence-based mechanisms consider the pairwise relationships between system calls in the sequence, but they still miss the more complex, multi-step relationships among system calls that are crucial for identifying the malicious behaviour of an application.
This book presents representations and characterizations of Android malware using graph and stochastic models and uses them to detect Android malware. First, state-of-the-art static malware detection mechanisms and their limitations are presented. This is followed by detailed presentations of a hybrid malware detection mechanism and four system call-based dynamic Android malware detection mechanisms, all based on the authors' recent research. Readers will learn how to develop effective Android malware detection mechanisms using graph centrality measures, graph signal processing and graph convolutional networks. The source code is provided in the appendix so that the mechanisms can be implemented easily. The book will be useful to Android malware researchers, developers, students and cyber security professionals.
Chapters 1 and 2 cover the basics of Android OS and Android malware. Chapter 3 presents state-of-the-art static malware detection mechanisms and their limitations. Chapter 4 presents a hybrid malware detection mechanism based on tree-augmented naive Bayes (TAN), which models the conditional dependencies among the static and dynamic features (API calls, permissions and system calls) an application needs for its functionality; three ridge-regularized logistic regression classifiers, one each for API calls, permissions and system calls, are used together with the TAN model to decide whether an application is malicious. Chapter 5 presents a mechanism that trains machine learning classifiers on centrality measures computed from an application's system call digraph. Chapter 6 applies a graph convolutional network (GCN) to the system call digraphs to detect malicious behaviour. Chapter 7 describes how to construct low-dimensional feature vectors (graph signals) from system calls using graph signal processing (GSP); these graph signals then serve as feature vectors for machine learning classifiers. The implementations of these methods show that the graph-based mechanisms are more accurate and efficient at detecting malware than traditional mechanisms.
Chapters 4 through 7 rely on machine learning classifiers. The main difficulty with a machine learning approach is finding the properties or features that uniquely characterize Android malware. Chapter 8 therefore shows that most Android malware can be detected by checking for the presence of a unique short system call subsequence (a "malicious system call code") in its system call sequence, without any machine learning classifier. Experiments show that such a malicious system call code exists in the majority of malware applications that use system resources in the background. Chapter 9 concludes the book with conclusions, limitations and future research directions.
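To make the feature views contrasted in the preface concrete (system call frequencies, pairwise co-occurrence, and centrality measures on a system call digraph as in Chapter 5) together with the Chapter 8 subsequence check, here is a small added example written for this page. It is not the authors' code from the book's appendix. It assumes the digraph is built with one node per distinct system call and an edge from a call to the one that immediately follows it (weighted by how many times that transition occurs), uses degree centrality as the representative centrality measure, and treats the "malicious system call code" as a contiguous subsequence; the two traces and the pattern are constructed for the example, not real malware data.

```python
# Added example for this page: system-call feature representations
# (frequency, co-occurrence, digraph centrality) and a fixed-subsequence check.
# Written for this page, NOT the authors' implementation. The traces, the
# vocabulary and MALICIOUS_CODE below are constructed, not real malware data.
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed traces: system-call names only, as an strace-style log would give.
BENIGN_TRACE: List[str] = [
    "openat", "read", "close", "mmap", "write", "close", "ioctl", "read",
]
SUSPECT_TRACE: List[str] = [
    "socket", "connect", "sendto", "recvfrom", "sendto", "recvfrom",
    "close", "socket", "connect", "sendto",
]
# Fixed vocabulary so every trace maps to a feature vector of the same length.
VOCAB: List[str] = sorted(set(BENIGN_TRACE) | set(SUSPECT_TRACE))

# Hypothetical "malicious system call code": a short contiguous subsequence.
# Chosen for this example only; it is not a pattern taken from the book.
MALICIOUS_CODE: List[str] = ["socket", "connect", "sendto"]


def frequency_features(trace: Sequence[str], vocab: Sequence[str]) -> List[int]:
    """Count of each call over the whole trace, ignoring order (the
    'independent occurrences' view the preface describes)."""
    counts = Counter(trace)
    return [counts[name] for name in vocab]


def cooccurrence_features(trace: Sequence[str]) -> Dict[Tuple[str, str], int]:
    """Bigram counts: how often call a is immediately followed by call b."""
    return dict(Counter(zip(trace, trace[1:])))


def build_digraph(trace: Sequence[str]) -> Dict[str, Dict[str, int]]:
    """Weighted digraph (assumed construction): one node per distinct call,
    edge a->b weighted by the number of times b directly follows a."""
    graph: Dict[str, Dict[str, int]] = {name: {} for name in trace}
    for a, b in zip(trace, trace[1:]):
        graph[a][b] = graph[a].get(b, 0) + 1
    return graph


def degree_centrality(graph: Dict[str, Dict[str, int]]) -> Dict[str, float]:
    """Freeman degree centrality on the unweighted digraph: (in + out) / (n - 1).
    Other centralities (betweenness, closeness, PageRank) would be computed
    from the same graph and used the same way as per-node features."""
    n = len(graph)
    if n < 2:
        return {v: 0.0 for v in graph}
    in_degree = {v: 0 for v in graph}
    for neighbours in graph.values():
        for w in neighbours:
            in_degree[w] += 1
    return {v: (in_degree[v] + len(graph[v])) / (n - 1) for v in graph}


def centrality_features(trace: Sequence[str], vocab: Sequence[str]) -> List[float]:
    """Per-call centrality as a fixed-length vector; calls absent from the
    trace get 0.0 so vectors from different traces line up."""
    cent = degree_centrality(build_digraph(trace))
    return [cent.get(name, 0.0) for name in vocab]


def contains_code(trace: Sequence[str], code: Sequence[str]) -> bool:
    """Chapter 8-style check: is the short subsequence present in the trace?
    Contiguity is an assumption of this example."""
    k = len(code)
    pattern = list(code)
    return any(list(trace[i:i + k]) == pattern for i in range(len(trace) - k + 1))


if __name__ == "__main__":
    for label, trace in (("benign", BENIGN_TRACE), ("suspect", SUSPECT_TRACE)):
        print(label, "frequency:", frequency_features(trace, VOCAB))
        print(label, "centrality:", centrality_features(trace, VOCAB))
        print(label, "contains code:", contains_code(trace, MALICIOUS_CODE))
```

The three feature functions return vectors of identical length for any trace, which is what a classifier needs; the subsequence check needs no training at all, which is the point of Chapter 8. On the constructed suspect trace, `sendto` and `recvfrom` come out as the most central nodes because the trace loops between them, whereas the frequency view only records that `sendto` occurs three times.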
Download Intelligent Mobile Malware Detection