A Friend or a Foe? Detecting Malware using Memory and CPU Features

被引:13
作者
Milosevic, Jelena [1 ]
Malek, Miroslaw [1 ]
Ferrante, Alberto [1 ]
机构
[1] Univ Svizzera Italiana, ALaRI, Fac Informat, Lugano, Switzerland
来源
SECRYPT: PROCEEDINGS OF THE 13TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS - VOL. 4 | 2016年
关键词
Malware Detection; Dynamic Detection; Android; Internet of Things (IoT); CLASSIFICATION;
D O I
10.5220/0005964200730084
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
With an ever-increasing and ever more aggressive proliferation of malware, its detection is of utmost importance. However, due to the fact that IoT devices are resource-constrained, it is difficult to provide effective solutions. The main goal of this paper is the development of lightweight techniques for dynamic malware detection. For this purpose, we identify an optimized set of features to be monitored at runtime on mobile devices as well as detection algorithms that are suitable for battery-operated environments. We propose to use a minimal set of most indicative memory and CPU features reflecting malicious behavior. The performance analysis and validation of features usefulness in detecting malware have been carried out by considering the Android operating system. The results show that memory and CPU related features contain enough information to discriminate between execution traces belonging to malicious and benign applications with significant detection precision and recall. Since the proposed approach requires only a limited number of features and algorithms of low complexity, we believe that it can be used for effective malware detection, not only on mobile devices, but also on other smart elements of IoT.
引用
收藏
页码:73 / 84
页数:12
相关论文
共 32 条
[1]  
[Anonymous], ANDR SOFTW DEV KIT
[2]  
[Anonymous], UI APPL EX MONK
[3]  
[Anonymous], ANDR DEB BRIDG
[4]   Drebin: Effective and Explainable Detection of Android Malware in Your Pocket [J].
Arp, Daniel ;
Spreitzenbarth, Michael ;
Huebner, Malte ;
Gascon, Hugo ;
Rieck, Konrad .
21ST ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2014), 2014,
[5]   Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices [J].
Becher, Michael ;
Freiling, Felix C. ;
Hoffmann, Johannes ;
Holz, Thorsten ;
Uellenbeck, Sebastian ;
Wolf, Christopher .
2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011), 2011, :96-111
[6]  
Bishop C.M., 2006, PATTERN RECOGN, V4, P738, DOI DOI 10.1117/1.2819119
[7]   Random forests [J].
Breiman, L .
MACHINE LEARNING, 2001, 45 (01) :5-32
[8]  
Enck W, 2009, CCS'09: PROCEEDINGS OF THE 16TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, P235
[9]  
Felt A.P., 2011, P 1 ACM WORKSH SEC P, DOI DOI 10.1145/2046614.2046618
[10]  
Felt AdriennePorter., 2011, P 2 USENIX C WEB APP, P7