Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence

Luca Caviglione , Mauro Gaggero , Jean-François Lalande , Wojciech Mazurczyk , Marcin Urbański


Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to exchange data locally. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of malicious software using general indicators, such as the energy consumed by the device. In this perspective, this paper aims to spot malware covertly exchanging data using two detection methods based on artificial intelligence tools, such as neural networks and decision trees. To verify their effectiveness, seven covert channels have been implemented and tested over a measurement framework using Android devices. Experimental results show the feasibility and effectiveness of the proposed approach to detect the hidden data exchange between colluding applications.
Author Luca Caviglione - [National Research Council of Italy (CNR)]
Luca Caviglione,,
- Consiglio Nazionale delle Ricerche
, Mauro Gaggero - [National Research Council of Italy (CNR)]
Mauro Gaggero,,
- Consiglio Nazionale delle Ricerche
, Jean-François Lalande - [National Center for Scientific Research (CNRS), University Orléans]
Jean-François Lalande,,
- Centre National de la Recherche Scientifique
- University Orléans
, Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
, Marcin Urbański
Marcin Urbański,,
Journal seriesIEEE Transactions on Information Forensics and Security, ISSN 1556-6013
Issue year2016
Publication size in sheets0.55
Keywords in EnglishEnergy-based malware detection, covert channels, colluding applications, neural networks, decision trees
ASJC Classification1705 Computer Networks and Communications; 2213 Safety, Risk, Reliability and Quality
Languageen angielski
2016 Mazurczyk Seeing the unseen.pdf 2.89 MB
Score (nominal)40
Score sourcejournalList
ScoreMinisterial score = 40.0, 18-09-2020, ArticleFromJournal
Ministerial score (2013-2016) = 40.0, 18-09-2020, ArticleFromJournal
Publication indicators WoS Citations = 19; Scopus Citations = 27; GS Citations = 32.0; Scopus SNIP (Source Normalised Impact per Paper): 2016 = 3.155; WoS Impact Factor: 2016 = 4.332 (2) - 2016=4.824 (5)
Citation count*32 (2019-04-30)
Share Share

Get link to the record

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Are you sure?