Pattern Recognition and Applications Lab
IntelliAV: Toward the Feasibility of Building Intelligent
Anti-Malware on Android Devices
Mansour Ahmadi
Post-Doctoral Researcher, University of Cagliari, Italy
With: Angelo Sotgiu , Giorgio Giacinto
1: University of Cagliari, Italy
CD-MAKE’17, 31st August
Mansour Ahmadi (pralab.diee.unica.it) IntelliAV: Android Malware Detection CD-MAKE’17, 31st August 1 / 16
Prerequisite
Android
If you haven’t heard about Android,
You probably live under a rock
Malware
- short for Malicious software
ClassiïŹcation
- A Machine Learning task for prediction
Mansour Ahmadi (pralab.diee.unica.it) IntelliAV: Android Malware Detection CD-MAKE’17, 31th
August 2 / 16
Problem
Android Malware
- People need to protect their device from Android Malware
Reaction of some people
- What?
- Are you joking? Is there Malware for Android?
Our reply
- New Android malware found every 10 seconds
This work
IntelliAV
- Identify if an Android application is Goodware/Malware
- The detection is performed by
Machine Learning and On-Device
Reaction of some people
- What? There are hundreds of papers on this topic.
- Are you joking? Do you mean yet another paper??
Our reply
- Yes & NO
Related works (based on Machine Learning)

Year  Method         Detection On-Device  Available  Feature
2014  DroidAPIMiner  −                    −          API, PKG, PAR
2014  DroidMiner     −                    −          CG, API SEQ
2014  Drebin         ✓                    −          PER, STR, API, INT
2014  DroidSIFT      −                    −          API Flow
2015  AppAudit       −                    ✓          API Flow
2015  MudFlow        −                    ✓          API Flow
2017  MaMaDroid      −                    ✓          CG, API SEQ
2017  DroidSieve     −                    −          API, PER, INT, PKG, STR, STAT
2017  Qualcomm       ✓                    −          Not Available
Ours  IntelliAV      ✓                    ✓          PER, INT, API, STAT

Table: The systems that are mostly based on API, API-F, and API SEQ would fail against reflection. IntelliAV is the only on-device system that is available in the market.
Why an On-Device Learning-based system?
Why On-Device?
1 Google Play store is not totally free of malware.
2 Third-party app stores are popular among mobile users.
3 Malware might be added to Android devices during the supply chain.
4 Droppers can simply evade offline detection systems.
Why Machine Learning?
1 Detecting zero-day malware.
2 Almost all major AVs still do not use Machine Learning.
3 Being robust against simple evasion techniques.
Overview of IntelliAV
Feature Extraction
Features
- Rely on our previous works
- 3955 features from Permissions, Intents, Statistical, APIs
- To avoid over-fitting, select the top 1000 meaningful features
Model Construction
Classifier
- Algorithm: Random Forest
- Library: TensorFlow (Multi-platform)
- Train on 9,664 Malicious and 10,058 Benign applications
Testing on-Device
- The model can be transferred to the mobile device
- Size of model is 3.3 MB
- We don’t need root permission to read APKs
- Give a probability to each application (between 0 and 1)
- Safe (0 ≤ P ≤ 0.4), Suspicious (0.4 ≤ P ≤ 0.6), Risky (0.6 ≤ P ≤ 1)
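Added example (not IntelliAV's own code): how the manifest-derived features from the Feature Extraction slide become a fixed-width vector over a selected vocabulary, and how a classifier probability is mapped onto the Safe/Suspicious/Risky bands above. The vocabulary and the manifest are constructed, and the Random Forest itself is assumed to be supplied separately.

```python
import xml.etree.ElementTree as ET

# Namespace used by every android:* attribute in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed, reduced vocabulary standing in for the "top 1000 meaningful
# features" the slides select from Permissions, Intents, Statistical and APIs.
# The names are illustrative, not IntelliAV's real feature list.
VOCABULARY = [
    "perm:android.permission.INTERNET",
    "perm:android.permission.READ_SMS",
    "perm:android.permission.SEND_SMS",
    "perm:android.permission.RECEIVE_BOOT_COMPLETED",
    "intent:android.intent.action.BOOT_COMPLETED",
    "intent:android.provider.Telephony.SMS_RECEIVED",
    "intent:android.intent.action.MAIN",
    "stat:n_permissions",
    "stat:n_receivers",
]

# Constructed manifest of a hypothetical app; not a real sample.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def extract_features(manifest_xml: str) -> dict:
    """Pull permission, intent-action and simple statistical features from a
    manifest. API features (the slowest part per the slides) need the Dex
    files and are out of scope here."""
    root = ET.fromstring(manifest_xml)
    feats = {}
    perms = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    actions = [e.get(ANDROID_NS + "name") for e in root.iter("action")]
    for p in perms:
        feats["perm:" + p] = 1
    for a in actions:
        feats["intent:" + a] = 1
    feats["stat:n_permissions"] = len(perms)
    feats["stat:n_receivers"] = sum(1 for _ in root.iter("receiver"))
    return feats


def vectorize(feats: dict, vocabulary=VOCABULARY) -> list:
    """Project the raw feature dict onto the selected vocabulary. Anything
    the selection step dropped (here RECEIVE_SMS) contributes nothing
    directly, though it still counts in the statistical features."""
    return [feats.get(name, 0) for name in vocabulary]


def risk_band(p: float) -> str:
    """Map a classifier probability to the slides' three bands.
    The slide does not say which band owns the 0.4 and 0.6 boundaries;
    this example (an assumption) assigns them to the higher, more
    cautious band."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    if p < 0.4:
        return "Safe"
    if p < 0.6:
        return "Suspicious"
    return "Risky"


if __name__ == "__main__":
    vec = vectorize(extract_features(SAMPLE_MANIFEST))
    print(dict(zip(VOCABULARY, vec)))
    # The model itself (Random Forest, 3.3 MB) is assumed to exist elsewhere;
    # 0.73 is a made-up score used only to exercise the banding.
    print(risk_band(0.73))
```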
Capabilities of IntelliAV
Scan installed applications or a single APK
Evaluation - Detecting new malware
Results
- Testing on 2,311 malware samples first seen in 2017
- 72% Detection Rate
- 7.5% False Positive rate on 2,898 Benign applications
Independent Test by a 3rd party
Results
- Test on 500 common and recent Android malware samples from 2017
- IntelliAV achieved a 96% Detection Rate
Detecting Droppers on Device
Droppers do not carry out any malicious activity by themselves
- Offline analysis systems would fail to detect the dropped
IntelliAV Overhead
API Extraction is the slowest part
- AirBnB has 15 Dex files (this makes the feature extraction process slow)
Summary
1 First practical Intelligent AV for Android (Available with details)
2 Careful selection of a set of lightweight features
3 A robust classification model, and a representative set of training samples
4 IntelliAV can help the end user to get easy protection on the device
5 IntelliAV allows researchers to better explore the idea of having intelligent security systems on mobile devices
Give it a try
Follow us
http://www.IntelliAV.com
Twitter & Facebook: @IntelliAV