DETECTION OF MALICIOUS ACTIVITY USING A NEURAL NETWORK FOR CONTINUOUS OPERATION

DOI:

https://doi.org/10.28925/2663-4023.2024.23.213224

Keywords:

recurrent neural network, LSTM, machine learning, deep learning neural networks, malware detection

Abstract

This article addresses the problem of detecting malicious programs running on the systems of mobile application users. Users can download any application to their phone, and over time that application can pull in additional settings that may contain malicious routines for monitoring both their personal life and their personal data, such as logins, passwords, and bank data. The detection of such routines is based on dynamic analysis and is formulated as a weakly supervised problem. The article reviews the work of researchers who developed detection models and methods such as statistical and dynamic intrusion detection methods, anomaly detection models, settings classification methods, and machine and deep learning methods. Machine learning, and especially deep learning, has become an extremely useful and interesting topic in cybersecurity over the past few years, and in this context the detection of malicious software has received considerable attention. The article considers the problem of detecting the activity of malicious software on mobile operating systems in the time domain by analyzing behavioral sequences from a large amount of industrial data. When malware executes on a system, its behavior consists of a series of distinct actions placed along the time axis, and only a subsequence of those actions leads to malicious activity. Very often, malicious software does not manifest itself immediately; the malicious activity forms at some point during execution. The main task, and the main difficulty, is therefore to identify such a subsequence within the entire sequence of events. To this end, the article proposes a behavior model that analyzes the dynamic behavior of a program in the system during execution. A sequence of API/function calls generated by the program at runtime is used as input data, and a recurrent neural network (RNN) architecture is proposed to detect malicious activity.
The article describes the training method of the proposed model and verifies its performance on a large sample of industrial data consisting of a large number of samples generated on an emulator farm. Many mobile phone vendors strive for on-device hardware acceleration to provide better support. Deploying an RNN-based model directly on the device as one of the security layers can therefore be considered a viable solution. The test data for the model described in the article show sufficiently high positive results in detecting malicious activity.

Published

2024-03-28

How to Cite

Sosnovyy, V., & Lashchevska, N. (2024). DETECTION OF MALICIOUS ACTIVITY USING A NEURAL NETWORK FOR CONTINUOUS OPERATION. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(23), 213–224. https://doi.org/10.28925/2663-4023.2024.23.213224