Mobile devices, with particular regard to the ones equipped with the Android operating system, are currently targeted by malicious writers that continuously develop harmful code able to gather private and sensitive information for our smartphones and tablets. The signature provided by the antimalware demonstrated to be not effective with new malware or malicious payload obfuscated with aggressive morphing techniques. Current literature in malware detection proposes methods exploiting both static (i.e., analysing the source code structure) than dynamic analysis (i.e., considering characteristics gathered when the application is running). In this paper we propose the representation of an application in terms of image obtained from the system call trace. Thus, we consider this representation to input a classifier to automatically discriminate whether an application under analysis is malware or legitimate. We perform an experimental analysis with several machine and deep learning classification algorithm evaluating a dataset composed by 6817 real-world malware and legitimate samples. We obtained an accuracy up to 0.89, showing the effectiveness of the proposed approach.
Dynamic mobile malware detection through system call-based image representation
Casolare R.;De Dominicis C.;Mercaldo F.;Santone A.
2021-01-01
Abstract
Mobile devices, with particular regard to the ones equipped with the Android operating system, are currently targeted by malicious writers that continuously develop harmful code able to gather private and sensitive information for our smartphones and tablets. The signature provided by the antimalware demonstrated to be not effective with new malware or malicious payload obfuscated with aggressive morphing techniques. Current literature in malware detection proposes methods exploiting both static (i.e., analysing the source code structure) than dynamic analysis (i.e., considering characteristics gathered when the application is running). In this paper we propose the representation of an application in terms of image obtained from the system call trace. Thus, we consider this representation to input a classifier to automatically discriminate whether an application under analysis is malware or legitimate. We perform an experimental analysis with several machine and deep learning classification algorithm evaluating a dataset composed by 6817 real-world malware and legitimate samples. We obtained an accuracy up to 0.89, showing the effectiveness of the proposed approach.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
