Dynamic IoT Malware Detection in Android Systems Using Profile Hidden Markov Models
The prevalence of malware attacks that target IoT systems has raised an alarm and highlighted the need for efficient mechanisms to detect and defeat them. However, detecting malware is challenging, especially malware with new or unknown behaviors. The main problem is that malware can hide, so it can...
Main Authors: | Norah Abanmi, Heba Kurdi, Mai Alzamel |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2022-12-01 |
Series: | Applied Sciences |
Subjects: | |
Online Access: | https://www.mdpi.com/2076-3417/13/1/557 |
_version_ | 1797626178042855424 |
---|---|
author | Norah Abanmi; Heba Kurdi; Mai Alzamel |
author_sort | Norah Abanmi |
collection | DOAJ |
description | The prevalence of malware attacks that target IoT systems has raised an alarm and highlighted the need for efficient mechanisms to detect and defeat them. However, detecting malware is challenging, especially malware with new or unknown behaviors. The main problem is that malware can hide, so it cannot be detected easily. Furthermore, information about malware families is limited which restricts the amount of “big data” that is available for analysis. The motivation of this paper is two-fold. First, to introduce a new Profile Hidden Markov Model (PHMM) that can be used for both app analysis and classification in Android systems. Second, to dynamically identify suspicious calls while reducing infection risks of executed codes. We focused on Android systems, as they are more vulnerable than other IoT systems due to their ubiquitousness and sideloading features. The experimental results showed that the proposed Dynamic IoT malware Detection in Android Systems using PHMM (DIP) achieved superior performance when benchmarked against eight rival malware detection frameworks, showing up to 96.3% accuracy at 5% False Positive Rate (FP rate), 3% False Negative Rate (FN rate) and 94.9% F-measure. |
first_indexed | 2024-03-11T10:06:48Z |
format | Article |
id | doaj.art-642ba7deec014a61bb3f01b471b2a3a2 |
institution | Directory Open Access Journal |
issn | 2076-3417 |
language | English |
last_indexed | 2024-03-11T10:06:48Z |
publishDate | 2022-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Applied Sciences |
spelling | doaj.art-642ba7deec014a61bb3f01b471b2a3a2; 2023-11-16T14:58:39Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2022-12-01; 13; 1; 557; 10.3390/app13010557; Dynamic IoT Malware Detection in Android Systems Using Profile Hidden Markov Models; Norah Abanmi, Heba Kurdi, Mai Alzamel (each: Department of Computer Science, College of Computer and Information Sciences, King Saud University, Riyadh P.O. Box 145111, Saudi Arabia); https://www.mdpi.com/2076-3417/13/1/557; cybersecurity; Internet of Things; Markov Model; Android; malware detection |
title | Dynamic IoT Malware Detection in Android Systems Using Profile Hidden Markov Models |
topic | cybersecurity; Internet of Things; Markov Model; Android; malware detection |
url | https://www.mdpi.com/2076-3417/13/1/557 |