Deep-Learning–Based App Sensitive Behavior Surveillance for Android Powered Cyber–Physical Systems

Abstract

Android as an operating system is now increasingly being adopted in industrial information systems, especially with cyber-physical systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats, therefore, call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.