Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence
Luca Caviglione, Mauro Gaggero, Jean-François Lalande, Wojciech Mazurczyk, Marcin Urbański
Abstract: Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to exchange data locally. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of malicious software using general indicators, such as the energy consumed by the device. In this perspective, this paper aims to spot malware covertly exchanging data using two detection methods based on artificial intelligence tools, such as neural networks and decision trees. To verify their effectiveness, seven covert channels have been implemented and tested over a measurement framework using Android devices. Experimental results show the feasibility and effectiveness of the proposed approach to detect the hidden data exchange between colluding applications.
|Journal series||IEEE Transactions on Information Forensics and Security, ISSN 1556-6013|
|Publication size in sheets||0.55|
|Keywords in English||Energy-based malware detection, covert channels, colluding applications, neural networks, decision trees|
|Score|| = 40.0, 27-03-2017, ArticleFromJournal|
|Publication indicators||: 2016 = 4.332 (2) - 2016=4.824 (5)|
|Citation count*||19 (2018-06-13)|
* The presented citation count is obtained through Internet information analysis and is close to the number calculated by the Publish or Perish system.