Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence

Luca Caviglione, Mauro Gaggero, Jean-François Lalande, Wojciech Mazurczyk, Marcin Urbański

Abstract

Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to exchange data locally. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of malicious software using general indicators, such as the energy consumed by the device. In this perspective, this paper aims to spot malware covertly exchanging data using two detection methods based on artificial intelligence tools, such as neural networks and decision trees. To verify their effectiveness, seven covert channels have been implemented and tested over a measurement framework using Android devices. Experimental results show the feasibility and effectiveness of the proposed approach to detect the hidden data exchange between colluding applications.
Authors
- Luca Caviglione - National Research Council of Italy (CNR), Consiglio Nazionale delle Ricerche
- Mauro Gaggero - National Research Council of Italy (CNR), Consiglio Nazionale delle Ricerche
- Jean-François Lalande - National Center for Scientific Research (CNRS), Centre National de la Recherche Scientifique; University Orléans
- Wojciech Mazurczyk - IT, The Institute of Telecommunications
- Marcin Urbański
Journal series: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013
Issue year: 2016
Vol: 11
No: 4
Pages: 799-810
Publication size in sheets: 0.55
Keywords in English: Energy-based malware detection, covert channels, colluding applications, neural networks, decision trees
DOI: 10.1109/TIFS.2015.2510825
URL: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7362010
Language: en (English)
File: 2016 Mazurczyk Seeing the unseen.pdf (2.89 MB)
Score (nominal): 40
Score: Ministerial score [Punktacja MNiSW] = 40.0, 27-03-2017, ArticleFromJournal
Ministerial score (2013-2016) [Punktacja MNiSW (2013-2016)] = 40.0, 27-03-2017, ArticleFromJournal
Publication indicators: WoS Impact Factor [Impact Factor WoS]: 2016 = 4.332 (2) - 2016=4.824 (5)
Citation count*: 19 (2018-06-13)

* The presented citation count is obtained through analysis of information on the Internet and is close to the number calculated by the Publish or Perish system.