DroidLight

Proceedings of the 21st International Conference on Distributed Computing and Networking Pub Date : 2020-01-04 DOI:10.1145/3369740.3369796

Sakil Barbhuiya, Peter Kilpatrick, Dimitrios S. Nikolopoulos

{"title":"DroidLight","authors":"Sakil Barbhuiya, Peter Kilpatrick, Dimitrios S. Nikolopoulos","doi":"10.1145/3369740.3369796","DOIUrl":null,"url":null,"abstract":"Smartphone malware attacks are increasing alongside the growth of smartphone applications in the market. Researchers have proposed techniques to detect malware attacks using various approaches, which broadly include signature and anomaly-based intrusion detection systems (IDSs). Anomaly-based IDSs usually require training machine learning models with datasets collected from running both benign and malware applications. This may result in low detection accuracy when detecting zero-day malwares, i.e. those not previously seen or recorded. In this paper, we propose DroidLight, a lightweight IDS which can detect zero-day malware efficiently and effectively. We designed an algorithm for DroidLight that is based on one class classification and probability distribution analysis. For each smartphone application, the classification model learns its normal CPU utilisation and network traffic pattern. The model flags an intrusion alert if there is any significant deviation from the normal pattern. By deploying three self-developed malwares we performed realistic evaluation of DroidLight, i.e. the evaluation was performed on a real device while a real user was interacting with it. Evaluation results demonstrate that DroidLight can detect smartphone malwares with accuracy ranging from 93.3% to 100% while imposing only 1.5% total overhead on device resources.","PeriodicalId":240048,"journal":{"name":"Proceedings of the 21st International Conference on Distributed Computing and Networking","volume":"100 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 21st International Conference on Distributed Computing and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3369740.3369796","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Smartphone malware attacks are increasing alongside the growth of smartphone applications in the market. Researchers have proposed techniques to detect malware attacks using various approaches, which broadly include signature and anomaly-based intrusion detection systems (IDSs). Anomaly-based IDSs usually require training machine learning models with datasets collected from running both benign and malware applications. This may result in low detection accuracy when detecting zero-day malwares, i.e. those not previously seen or recorded. In this paper, we propose DroidLight, a lightweight IDS which can detect zero-day malware efficiently and effectively. We designed an algorithm for DroidLight that is based on one class classification and probability distribution analysis. For each smartphone application, the classification model learns its normal CPU utilisation and network traffic pattern. The model flags an intrusion alert if there is any significant deviation from the normal pattern. By deploying three self-developed malwares we performed realistic evaluation of DroidLight, i.e. the evaluation was performed on a real device while a real user was interacting with it. Evaluation results demonstrate that DroidLight can detect smartphone malwares with accuracy ranging from 93.3% to 100% while imposing only 1.5% total overhead on device resources.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 21st International Conference on Distributed Computing and Networking

自引率

0.00%

发文量