Pattern Recognition and Applications Lab
IntelliAV: Toward the Feasibility of Building Intelligent
Anti-Malware on Android Devices
Mansour Ahmadi
Post-Doctoral Researcher, University of Cagliari, Italy
With: Angelo Sotgiu , Giorgio Giacinto
1: University of Cagliari, Italy
CD-MAKE’17, 31st August
Mansour Ahmadi (pralab.diee.unica.it) IntelliAV: Android Malware Detection CD-MAKE’17, 31st
August 1 / 16
Prerequisite
Android
If you haven’t heard about Android,
you probably live under a rock
Malware
- short for Malicious software
Classification
- A Machine Learning task for prediction
Problem
Android Malware
- People need to protect their device from Android Malware
Reaction of some people
- What?
- Are you joking? Is there Malware for Android?
Our reply
- New Android malware found every 10 seconds
This work
IntelliAV
- Identify if an Android application is Goodware/Malware
- Detection is performed on-device, by Machine Learning
Reaction of some people
- What? There are hundreds of papers on this topic.
- Are you joking? Do you mean yet another paper??
Our reply
- Yes & NO
Related works (based on Machine Learning)
Year  Method         On-Device Detection  Available  Feature
2014  DroidAPIMiner  −                    −          API, PKG, PAR
2014  DroidMiner     −                    −          CG, API SEQ
2014  Drebin         ✓                    −          PER, STR, API, INT
2014  DroidSIFT      −                    −          API Flow
2015  AppAudit       −                    ✓          API Flow
2015  MudFlow        −                    ✓          API Flow
2017  MaMaDroid      −                    ✓          CG, API SEQ
2017  DroidSieve     −                    −          API, PER, INT, PKG, STR, STAT
2017  Qualcomm       ✓                    −          Not Available
Ours  IntelliAV      ✓                    ✓          PER, INT, API, STAT
Table: The systems that are mostly based on API, API-F, and API SEQ would
fail against reflection. IntelliAV is the only on-device system that is available in
the market.
Why an On-Device Learning-based System?
Why On-Device?
1. Google Play store is not totally free of malware.
2. Third-party app stores are popular among mobile users.
3. Malware might be added to Android devices during the supply chain.
4. Droppers can easily evade offline detection systems.
Why Machine Learning?
1. Detecting zero-day malware.
2. Almost all major AVs still do not use Machine Learning.
3. Being robust against simple evasion techniques.
Overview of IntelliAV
Feature Extraction
Features
- Based on our previous work
- 3955 features from Permissions, Intents, Statistical properties and APIs
- To avoid over-fitting, select the top 1000 meaningful features
Model Construction
Classifier
- Algorithm: Random Forest
- Library: TensorFlow (Multi-platform)
- Train on 9,664 Malicious and 10,058 Benign applications
Testing on-Device
- The model can be transferred to the mobile device
- Size of model is 3.3 MB
- We don’t need root permission to read APKs
- Give a probability P to each application (between 0 and 1)
- Safe (0 ≤ P < 0.4), Suspicious (0.4 ≤ P < 0.6), Risky (0.6 ≤ P ≤ 1)
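As an added example (not IntelliAV’s own code), the pipeline from the feature-extraction and model-construction slides in Python: a binary feature vector per app over the permission, intent, API and statistical families, a mutual-information ranking that keeps only the top-k features, and the Safe/Suspicious/Risky banding of the classifier probability. The six app records and the mutual-information criterion are constructed assumptions; the slides do not state which selection score IntelliAV uses, and the Random Forest itself is not reproduced here.

```python
"""Constructed IntelliAV-style pipeline: feature extraction, top-k
feature selection and risk banding. Names and apps are made up; the
real system uses 3955 features reduced to 1000."""
import math
from typing import Dict, List, Sequence, Tuple

# Constructed app records: what a static extractor would pull from the
# manifest (permissions, intent actions) and the dex files (API calls).
# label 1 = malware, 0 = benign; last field is the number of dex files.
APPS = [
    (1, ["SEND_SMS", "INTERNET", "READ_PHONE_STATE"], ["BOOT_COMPLETED", "MAIN"],
     ["SmsManager.sendTextMessage", "DexClassLoader.<init>"], 2),
    (1, ["SEND_SMS", "INTERNET"], ["BOOT_COMPLETED", "SMS_RECEIVED"],
     ["SmsManager.sendTextMessage", "HttpURLConnection.connect"], 1),
    (1, ["SEND_SMS", "INTERNET", "RECEIVE_SMS"], ["SMS_RECEIVED", "MAIN"],
     ["DexClassLoader.<init>", "Runtime.exec"], 3),
    (0, ["INTERNET", "ACCESS_NETWORK_STATE"], ["MAIN"],
     ["HttpURLConnection.connect"], 1),
    (0, ["INTERNET", "CAMERA"], ["MAIN"],
     ["Camera.open", "HttpURLConnection.connect"], 1),
    (0, ["INTERNET"], ["MAIN", "BOOT_COMPLETED"],
     ["HttpURLConnection.connect", "Runtime.exec"], 4),
]


def extract_features(perms, intents, apis, dex_count) -> Dict[str, int]:
    """Binary feature map over the four families the slides list.
    The statistical feature is binarised here (constructed choice)."""
    feats = {}
    for p in perms:
        feats["perm:" + p] = 1
    for i in intents:
        feats["intent:" + i] = 1
    for a in apis:
        feats["api:" + a] = 1
    feats["stat:multidex"] = int(dex_count > 1)
    return feats


def build_matrix(apps) -> Tuple[List[str], List[List[int]], List[int]]:
    """Align every app on one global feature list (absent feature => 0)."""
    rows = [extract_features(p, i, a, d) for _, p, i, a, d in apps]
    names = sorted({n for r in rows for n in r})
    X = [[r.get(n, 0) for n in names] for r in rows]
    y = [lbl for lbl, *_ in apps]
    return names, X, y


def mutual_information(col: Sequence[int], y: Sequence[int]) -> float:
    """MI in bits between a binary feature column and the binary label.
    A feature present in every app (e.g. INTERNET) scores 0; a feature
    that perfectly separates the classes scores 1."""
    n = len(y)
    mi = 0.0
    for xv in (0, 1):
        px = sum(1 for v in col if v == xv) / n
        for yv in (0, 1):
            py = sum(1 for v in y if v == yv) / n
            pxy = sum(1 for v, l in zip(col, y) if v == xv and l == yv) / n
            if pxy > 0:  # zero cells contribute nothing (and avoid log 0)
                mi += pxy * math.log2(pxy / (px * py))
    return mi


def select_top_k(names, X, y, k) -> List[str]:
    """Rank features by MI with the label and keep the k most informative:
    the kind of step that takes the slides' 3955 features down to 1000."""
    scores = []
    for j, name in enumerate(names):
        col = [row[j] for row in X]
        scores.append((mutual_information(col, y), name))
    scores.sort(key=lambda s: (-s[0], s[1]))  # ties broken by name
    return [name for _, name in scores[:k]]


def risk_label(p: float) -> str:
    """Map the classifier's malware probability to the slide's bands."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    if p < 0.4:
        return "Safe"
    if p < 0.6:
        return "Suspicious"
    return "Risky"


if __name__ == "__main__":
    names, X, y = build_matrix(APPS)
    print("top features:", select_top_k(names, X, y, 3))
    for p in (0.1, 0.45, 0.9):
        print(p, risk_label(p))
```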
Capabilities of IntelliAV
- Scan installed applications
- Scan a single APK
Evaluation - Detecting new malware
Results
- Testing on 2,311 malware, first seen in 2017
- 72% Detection Rate
- 7.5% False Positive on 2,898 Benign
Independent Test by a 3rd Party
Results
- Test on 500 common and recent Android malware in 2017
- IntelliAV achieved 96% Detection Rate
Detecting Droppers on Device
Droppers do not carry out any malicious activity themselves
- Offline analysis systems would fail to detect the dropped
IntelliAV Overhead
API extraction is the slowest part
- AirBnB has 15 Dex files (which makes the feature extraction process slow)
Summary
1. First practical intelligent AV for Android (available, with details)
2. Careful selection of a set of lightweight features
3. A robust classification model,
and a representative set of training samples
4. IntelliAV offers end users easy protection on the device
5. IntelliAV allows researchers to better explore the idea of
having intelligent security systems on mobile devices
Give it a Try
Follow us
Http://www.IntelliAV.com
Twitter & Facebook: @IntelliAV
