Deep-learning-based app sensitive behavior surveillance for Android powered cyber-physical systems

Android as an operating system is now increasingly being adopted in industrial information systems, especially with Cyber-Physical Systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the inc...

Full description

Saved in:
Bibliographic Details
Main Authors: MA, Haoyu, TIAN, Jianwen, QIU, Kefan, LO, David, GAO, Debin, WU, Daoyuan, JIA, Chunfu, BAKER, Thar
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2020
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/5498
https://ink.library.smu.edu.sg/context/sis_research/article/6501/viewcontent/tii20.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Android as an operating system is now increasingly being adopted in industrial information systems, especially with Cyber-Physical Systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicous applications targeting the platform. The existence of such malware threats therefore call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and IoT devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this paper, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed which detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.