Dynamic Mobile Malware Detection through System Call-based Image representation

Rosangela Casolare
1, Carlo De Dominicis2, Giacomo Iadarola3, Fabio Martinelli3,
Francesco Mercaldo
1,3+, and Antonella Santone1
 

1University of Molise, Pesche (IS), Italy

{rosangela.casolare, francesco.mercaldo, antonella.santone}@unimol.it

2University of Padova, Padova, Italy

carlo.dedominicis.1@studenti.unipd.it

3IIT-CNR, Pisa, Italy

{giacomo.iadarola, fabio.martinelli}@iit.cnr.it

 

Abstract

Mobile devices, with particular regard to the ones equipped with the Android operating system, are currently targeted by malicious writers that continuously develop harmful code able to gather private and sensitive information for our smartphones and tablets. The signature provided by the antimalware demonstrated to be not effective with new malware or malicious payload obfuscated with aggressive morphing techniques. Current literature in malware detection proposes methods exploiting both static (i.e., analysing the source code structure) than dynamic analysis (i.e., considering characteristics gathered when the application is running). In this paper we propose the representation of an application in terms of image obtained from the system call trace. Thus, we consider this representation to input a classifier to automatically discriminate whether an application under analysis is malware or legitimate. We perform an experimental analysis with several machine and deep learning classification algorithm evaluating a dataset composed by 6817 real-world malware and legitimate samples. We obtained an accuracy up to 0.89, showing the effectiveness of the proposed approach.

Keywords: mobile security, malware analysis, system call, dynamic analysis, Android, machine learning,

deep learning, classification

 

+: Corresponding author: Francesco Mercaldo
University of Molise, Campobasso 86100, Italy, Tel: +39 0874 40 41

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 12, No. 1, pp. 44-63, March 2021 [pdf]

Received: December 30, 2020; Accepted: February 18, 2021; Published: March 31, 2021

DOI: 10.22667/JOWUA.2021.03.31.044