AProctor - A practical on-device antidote for Android malware

AProctor - A practical on-device antidote for Android malware

연구 분야: Safety

학회: ACSW '23: Proceedings of the 2023 Australasian Computer Science Week

As the number of smartphone users increases, the attacker’s interest in breaching Android security also increases. To protect the user from malware attacks and enhance his mobile security, we present AProctor, an Android application capable of differentiating between benign and malware applications on the Android device. AProctor is a serverless solution. Hence it is a complete on-device solution. Indeed famous anomaly-based detection can protect the user from new and unknown malware, but it has its downsides. Anomaly-based algorithms demand a significant amount of energy and resource, but the platform for which we are developing malware detectors is resource-constrained Android phones. So for this, we first implemented a fast and efficient way to extract features in the Android device. We collect the dataset from various repositories and categorize them according to their packaging time. We use the feature importance technique to reduce the feature set to build lightweight models. We train our model on the server and deploy it on the device. The detection rate of AProctor is 97% when the training and testing sets are of the same period. Moreover, the detection rate comes to 92% when the test set is of a different period, i.e., for unknown APKs.