An adaptive framework against android privilege escalation threats using deep learning and semi-supervised approaches

Abstract

The immense popularity of Android makes it a primary target of malicious attackers and developers which brings a significant threat from malicious applications for android users through the escalation of the abuse of android permissions and inter-component communication (ICC) mechanism. Therefore, protecting android users from malicious developers and applications is crucial for Android market and communities. As malicious applications can hide their malicious behavior and change the behaviors frequently by abusing the android’s ICC mechanism and related vulnerabilities, it is a challenging task to identify them accurately before it becomes a prevalent reason for users’ privacy and data breach. Therefore, it is essential to develop such a malware detection engine that will ensure zero-day detection. In this research, we propose an adaptive framework which can learn the behavior of malware from the usage of permissions and their escalations. For our adaptive framework, we proposed two different detection models using deep learning and semi-supervised approaches. The proposed detection models can extract knowledge from unlabeled apps to identify the new malicious behavior using the unsupervised training nature of deep learning and clustering techniques and their integration to the supervised detection engine. Thus, our adaptive framework learns about new malicious apps and their behavior without supervised labeling by manual expert and can ensure zero-day protection. The proposed detection models have been tested on a real mobile malware test-bed and data set. The Experimental results show that the deep learning and semi-supervised based models achieve 99.024% of accuracies, more effective for zero-day protection and outperform other existing supervised detection engines.