822 research outputs found
XMD: An Expansive Hardware-telemetry based Mobile Malware Detector to enhance Endpoint Detection
Hardware-based Malware Detectors (HMDs) have shown promise in detecting
malicious workloads. However, the current HMDs focus solely on the CPU core of
a System-on-Chip (SoC) and, therefore, do not exploit the full potential of the
hardware telemetry. In this paper, we propose XMD, an HMD that uses an
expansive set of telemetry channels extracted from the different subsystems of
SoC. XMD exploits the thread-level profiling power of the CPU-core telemetry,
and the global profiling power of non-core telemetry channels, to achieve
significantly better detection performance than currently used Hardware
Performance Counter (HPC) based detectors. We leverage the concept of manifold
hypothesis to analytically prove that adding non-core telemetry channels
improves the separability of the benign and malware classes, resulting in
performance gains. We train and evaluate XMD using hardware telemetries
collected from 723 benign applications and 1033 malware samples on a commodity
Android Operating System (OS)-based mobile device. XMD improves over currently
used HPC-based detectors by 32.91% for the in-distribution test data. XMD
achieves the best detection performance of 86.54% with a false positive rate of
2.9%, compared to the detection rate of 80%, offered by the best performing
signature-based Anti-Virus (AV) on VirusTotal, on the same set of malware
samples.
Comment: Revised version based on peer review feedback. Manuscript to appear
in IEEE Transactions on Information Forensics and Security
Behaviour based anomaly detection system for smartphones using machine learning algorithm
In this research, we propose a novel, platform-independent, behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate a real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in the smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied to the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted to determine the profiling accuracy. In the first test, seven-day smartphone usage data consisting of eight features and an observation interval of one hour was used, and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out of 10 user profiles were more than 95% accurate. The second test utilised the entire dataset and achieved an average accuracy of 44.50% to 95.48%. Not only are these results very promising in differentiating participants based on their usage, but the implications of this research are far reaching, as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System
- …