TY - JOUR
T1 - A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices
AU - Feng, Ruitao
AU - Chen, Sen
AU - Xie, Xiaofei
AU - Meng, Guozhu
AU - Lin, Shang Wei
AU - Liu, Yang
N1 - Funding Information:
Manuscript received April 5, 2020; revised August 4, 2020; accepted August 31, 2020. Date of publication September 23, 2020; date of current version December 11, 2020. This work was supported in part by the Singapore Ministry of Education Academic Research Fund Tier 1 under Award 2018-T1-002-069, in part by the National Research Foundation, Prime Minister's Office, Singapore through its National Cybersecurity Research and Development Program under Award RF2018 NCR-NCR005-0001, in part by the Singapore National Research Foundation through NCR under Award NSOE003-0001, in part by the NRF Investigatorship under Grant NRFI06-2020-0022, in part by the National Research Foundation, Prime Minister's Office, Singapore through NCR under Award NRF2018NCR-NSOE004-0001, in part by the National Natural Science Foundation of China under Grant 61902395, and in part by the NVIDIA AI Tech Center (NVAITC). The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Debdeep Mukhopadhyay. (Corresponding author: Sen Chen.) Ruitao Feng, Xiaofei Xie, Shang-Wei Lin, and Yang Liu are with the School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798 (e-mail: rtfeng@ntu.edu.sg; xfxie@ntu.edu.sg; shang-wei.lin@ntu.edu.sg; yangliu@ntu.edu.sg).
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2021
Y1 - 2021
AB - Currently, Android malware detection is mostly performed on the server side against the increasing number of malware. Powerful computing resources provide more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers from the security threats of attackers. Consequently, a last line of defense on mobile devices is necessary and much-needed. In this paper, we propose an effective Android malware detection system, MobiTive, leveraging customized deep neural networks to provide a real-time and responsive detection environment on mobile devices. MobiTive is a pre-installed solution rather than an app scanning and monitoring engine used after installation, which is more practical and secure. Although a deep learning-based approach can be maintained on the server side efficiently for malware detection, original deep learning models cannot be directly deployed and executed on mobile devices due to various performance limitations, such as computation power, memory size, and energy. Therefore, we evaluate and investigate the following key points: (1) the performance of different feature extraction methods based on source code or binary code; (2) the performance of different feature type selections for deep learning on mobile devices; (3) the detection accuracy of different deep neural networks on mobile devices; (4) the real-time detection performance and accuracy on different mobile devices; (5) the potential based on the evolution trend of mobile devices' specifications; and finally we further propose a practical solution (MobiTive) to detect Android malware on mobile devices.
UR - http://www.scopus.com/inward/record.url?scp=85091689758&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091689758&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2020.3025436
DO - 10.1109/TIFS.2020.3025436
M3 - Article
AN - SCOPUS:85091689758
SN - 1556-6013
VL - 16
SP - 1563
EP - 1578
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
M1 - 9204665
ER -