Recurrent Neural Networks for Colluded Applications Attack Detection in Android OS Devices

The paper presents a design and an implementation of an intelligent detector of a novel "colluded applications" attack on user's privacy in Android OS devices, which employs recurrent neural network (RNN) models. The paper reports the results of an empirical study that involved the attack research, data collection and pre-processing, the choice of the RNN model for a detector design, multiple detector implementations, their performance evaluation and analysis, and finally, an Android app realization and execution on a real device. We investigate and analyze multiple attack scenarios and the attack influence on such technological signals as memory consumption and a CPU's cores clock speed. For the attack detection, a few detectors exploring multiple RNN models are designed, implemented, and examined. The detectors employ various RNN models, such as a simple recurrent neural network, a long short-term memory, and a gated recurrent unit. Each model's performance in detecting multiple attack scenarios is evaluated and analyzed in order to compare classification models against various criteria.