A Friend or a Foe? Detecting Malware using Memory and CPU Features

With an ever-increasing and ever more aggressive proliferation of malware, its detection is of utmost importance. However, due to the fact that IoT devices are resource-constrained, it is difficult to provide effective solutions. The main goal of this paper is the development of lightweight techniques for dynamic malware detection. For this purpose, we identify an optimized set of features to be monitored at runtime on mobile devices as well as detection algorithms that are suitable for battery-operated environments. We propose to use a minimal set of most indicative memory and CPU features reflecting malicious behavior. The performance analysis and validation of features usefulness in detecting malware have been carried out by considering the Android operating system. The results show that memory and CPU related features contain enough information to discriminate between execution traces belonging to malicious and benign applications with significant detection precision and recall. Since the proposed approach requires only a limited number of features and algorithms of low complexity, we believe that it can be used for effective malware detection, not only on mobile devices, but also on other smart elements of IoT.