In recent years the PC has been replaced by mobile devices for many security
sensitive operations, both from a privacy and a financial standpoint. While
security mechanisms are deployed at various levels, these are frequently put
under strain by previously unseen malware. An additional protection layer
capable of novelty detection is therefore needed. In this work we propose
SpotCheck, an anomaly detector intended to run on Android devices. It samples
app executions and submits suspicious apps to more thorough processing by
malware sandboxes. We compare Kernel Principal Component Analysis (KPCA) and
Variational Autoencoders (VAE) on app execution representations based on the
well-known system call traces, as well as a novel approach based on memory
dumps. Results show that when using VAE, SpotCheck attains a level of
effectiveness comparable to what has been previously achieved for network
anomaly detection. Interestingly this is also true for the memory dump
approach, relinquishing the need for continuous app monitoring.

Go to Source of this post
Author Of this post: <a href="">Mark Vella</a>, <a href="">Christian Colombo</a>

By admin