Intelligent and Non-intrusive Monitoring of Android Devices for Protection Against Data-infringing Malware

Project Reference: AISG-2018-100E-004

Institution: Singapore Management University (SMU)

Principal Investigator: Professor Debin Gao

Technology Readiness: 4 (Technology validated in lab)

Technology Categories: Mobile operating systems

Background/Problem Statement

The Android operating system controls the mobile OS market with close to 70% market share.

The global malware analysis market is expected to grow to USD 11.7 billion in 2024, at a CAGR of 30%. Increasing cyber-attacks and a high number of false alerts are some of the factors that have contributed to the considerable size of the malware analysis market.

Android is the most popular mobile platform today, and it is also the mobile operating system most heavily targeted by malware. However, Android's mature security and privacy mechanisms disallow any attempt to violate the code/data privacy policy of third-party applications or of the system, even for the purpose of detecting malware. Since malware detection requires closely monitoring the execution of other Android applications, and such monitoring is itself considered potentially malicious, performing malware detection on Android is becoming more and more challenging.

Solution

SideNet is a novel, non-intrusive, deep learning-based dynamic surveillance engine for detecting sensitive app behaviors on Android devices.

SideNet comprises two automatic systems that use two different sources of side channels on Android systems. Neither requires rooting the device, and both are non-intrusive to running applications.

The first system automatically collects system-wide API side-channel information on an un-rooted Android device and sends it to a customised Encoder-based deep neural network for classification, achieving an accuracy of up to 98.5% in detecting sensitive Android behaviours.

The second system automatically collects CPU cache-based side-channel information to identify the specific Android application that triggered the detected sensitive behaviour, achieving over 90% accuracy across different phone models in a user study with 30 real-world users.

Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

Benefits

  • In-lab simulations have shown that SideNet outperformed the competing models (including LSTM, MLP, FCN, Encoder, and ResNet) in terms of both accuracy and efficiency
  • SideNet showed significant improvements compared to even the strongest baseline, ResNet
  • It does not require rooting the protected device or modifying the semantics of any other apps running on the device. Consequently, SideNet could work on any existing Android distribution
  • Together with its high accuracy and low overhead, SideNet could therefore help enhance software-layer security of CPS and IoT environments involving Android devices, especially the industrial-based CPSs, by providing a cost-efficient supplement to potential malware mitigation measures

Potential Application(s)

This technology can be useful in the practical dynamic analysis of Android applications and in malware detection. It targets non-rooted Android devices used by the general public, without framework modification. This could enable large-scale adoption with crowdsourcing capability. The Android software development industry, the anti-virus sector and, more generally, the Android security sector, as well as governmental smart nation initiatives, could benefit from this new technology.

We welcome interest from the industry for collaboration, co-development or customisation of the technology into a new product or service. If you have any enquiries or are keen to collaborate, please contact us.