In the last few years, Android mobile devices have encountered a large spread and nowadays a huge part of the traffic traversing the Internet is related to them. In parallel, the number of possible threats and attacks has also increased, thus emphasizing the need for accurate automatic malware detection systems. In this paper, we design and evaluate a system to detect whether a traffic object (biflow) is benign or malicious, possibly understanding its specific nature in the latter case. The proposal leverages machine learning in a hierarchical fashion, in order to capitalize on the structure of the traffic data and reap both design and performance benefits. The comparative evaluation - performed considering the public CICAndMal2017 dataset - assesses the performance of several machine-learning algorithms and witnesses that the hierarchical approach leads to improved performance w.r.t. the flat approach (up to +0.18 F1-score, depending on the granularity of the analysis and the machine learning algorithm considered). In addition, we evaluate the impact of a reject-option mechanism, showing the trade-off between classification accuracy and ratio of classified biflows.
Hierarchical Classification of Android Malware Traffic / Bovenzi, G.; Persico, V.; Pescape', A.; Piscitelli, A.; Spadari, V.. - (2022), pp. 1354-1359. (Intervento presentato al convegno 21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022 tenutosi a chn nel 2022) [10.1109/TrustCom56396.2022.00191].
Hierarchical Classification of Android Malware Traffic
Bovenzi G.
;Persico V.;Pescape' A.;
2022
Abstract
In the last few years, Android mobile devices have encountered a large spread and nowadays a huge part of the traffic traversing the Internet is related to them. In parallel, the number of possible threats and attacks has also increased, thus emphasizing the need for accurate automatic malware detection systems. In this paper, we design and evaluate a system to detect whether a traffic object (biflow) is benign or malicious, possibly understanding its specific nature in the latter case. The proposal leverages machine learning in a hierarchical fashion, in order to capitalize on the structure of the traffic data and reap both design and performance benefits. The comparative evaluation - performed considering the public CICAndMal2017 dataset - assesses the performance of several machine-learning algorithms and witnesses that the hierarchical approach leads to improved performance w.r.t. the flat approach (up to +0.18 F1-score, depending on the granularity of the analysis and the machine learning algorithm considered). In addition, we evaluate the impact of a reject-option mechanism, showing the trade-off between classification accuracy and ratio of classified biflows.| File | Dimensione | Formato | |
|---|---|---|---|
|
bovenzi2022hierarchical.pdf
solo utenti autorizzati
Tipologia:
Versione Editoriale (PDF)
Licenza:
Copyright dell'editore
Dimensione
1.44 MB
Formato
Adobe PDF
|
1.44 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
