Consiglio Nazionale delle Ricerche

Product type: Journal article
Title: Seeing the unseen: revealing mobile malware hidden communications via energy consumption and artificial intelligence
Year of publication: 2016
Format: Print
Author(s): L. Caviglione; M. Gaggero; J-F. Lalande; W. Mazurczyk; M. Urbanski
Author affiliations: 1. Institute of Intelligent Systems for Automation, National Research Council of Italy, Genoa 16149, Italy 2. Institute of Intelligent Systems for Automation, National Research Council of Italy, Genoa 16149, Italy 3. Institut National des Sciences Appliquées Centre Val de Loire, Bourges 18020, France 4. Institute of Telecommunications, Warsaw University of Technology, Warsaw 00-665, Poland 5. 4. Institute of Telecommunications, Warsaw University of Technology, Warsaw 00-665, Poland
CNR authors and affiliations
  • LUCA CAVIGLIONE
  • MAURO GAGGERO
Language(s)
  • English
Abstract: Modern malware uses advanced techniques to hide from static and dynamic analysis tools. To achieve stealthiness when attacking a mobile device, an effective approach is the use of a covert channel built by two colluding applications to exchange data locally. Since this process is tightly coupled with the used hiding method, its detection is a challenging task, also worsened by the very low transmission rates. As a consequence, it is important to investigate how to reveal the presence of malicious software using general indicators, such as the energy consumed by the device. In this perspective, this paper aims to spot malware covertly exchanging data using two detection methods based on artificial intelligence tools, such as neural networks and decision trees. To verify their effectiveness, seven covert channels have been implemented and tested over a measurement framework using Android devices. Experimental results show the feasibility and effectiveness of the proposed approach to detect the hidden data exchange between colluding applications.
Abstract language: English
Other abstract: -
Other abstract language: -
First page: 799
Last page: 810
Total pages: 12
Journal: IEEE transactions on information forensics and security
Active since 2006
Publisher: IEEE, - New York, N.Y.
Country of publication: United States of America
Language: English
ISSN: 1556-6013
Key title: IEEE transactions on information forensics and security
Title proper: IEEE transactions on information forensics and security.
Alternative titles:
  • Institute of Electrical and Electronics Engineers transactions on information forensics and security
  • Information forensics and security
Journal volume number: 11
Journal issue: 4
DOI: 10.1109/TIFS.2015.2510825
Peer reviewed: Yes: International
Publication status: Published version
Indexing (in controlled databases)
  • Scopus (Code: 2-s2.0-84959229804)
  • ISI Web of Science (WOS) (Code: 000370734700011)
Keywords: Energy-based malware detection, covert channels, colluding applications, neural networks, decision trees.
Link (URL, URI): -
Parallel title: -
License: -
Embargo expiry: -
Date of acceptance: -
Notes/Other information: -
CNR structures
  • ISSIA — Istituto di studi sui sistemi intelligenti per l'automazione
  • INM — Istituto di iNgegneria del Mare
CNR modules/activities/subprojects: -
European projects: -
Attachments
Seeing the unseen: revealing mobile malware hidden communications (private document)
Description: VoR Version of Record - final published version
Document type: application/pdf
Seeing the unseen: revealing mobile malware hidden communications (private document)
Description: AAM - Accepted Version (postprint)
Document type: application/pdf