NASK PIB, Kolska 12, 01-045 Warsaw, Poland.
Sensors (Basel). 2022 Aug 31;22(17):6562. doi: 10.3390/s22176562.
Currently, Android is the most popular operating system among mobile devices. However, as the number of devices with the Android operating system increases, so does the danger of using them. This is especially important as smartphones increasingly authenticate critical activities(e-banking, e-identity). BotSense Mobile is a tool already integrated with some critical applications (e-banking, e-identity) to increase user safety. In this paper, we focus on the novel functionality of BotSense Mobile: the detection of malware applications on a user device. In addition to the standard blacklist approach, we propose a machine learning-based model for unknown malicious application detection. The lightweight neural network model is deployed on an edge device to avoid sending sensitive user data outside the device. For the same reason, manifest-related features can be used by the detector only. We present a comprehensive empirical analysis of malware detection conducted on recent data (May-June, 2022) from the Koodous platform, which is a collaborative platform where over 70 million Android applications were collected. The research highlighted the problem of machine learning model aging. We evaluated the lightweight model on recent Koodous data and obtained f1=0.77 and high precision (0.9).
目前,Android 是移动设备中最受欢迎的操作系统。然而,随着使用 Android 操作系统的设备数量的增加,使用它们的危险也随之增加。这在智能手机越来越多地认证关键活动(电子银行、电子身份)时尤为重要。BotSense Mobile 是一种已经集成到一些关键应用程序(电子银行、电子身份)中的工具,以提高用户的安全性。在本文中,我们专注于 BotSense Mobile 的新功能:检测用户设备上的恶意软件应用程序。除了标准的黑名单方法外,我们还提出了一种基于机器学习的未知恶意应用程序检测模型。轻量级神经网络模型部署在边缘设备上,以避免将敏感用户数据发送到设备外部。出于同样的原因,检测器只能使用与清单相关的功能。我们对 Koodous 平台(一个协作平台,其中收集了超过 7000 万个 Android 应用程序)上最近的数据(2022 年 5 月至 6 月)进行了恶意软件检测的全面实证分析。该研究强调了机器学习模型老化的问题。我们在最近的 Koodous 数据上评估了轻量级模型,得到了 f1=0.77 和高精度(0.9)。
