Hierarchical Classification of Android Malware Traffic

Bovenzi G.; Persico V.; Pescape' A.
2022

Abstract

In the last few years, Android mobile devices have become widespread, and nowadays a huge part of the traffic traversing the Internet is related to them. In parallel, the number of possible threats and attacks has also increased, emphasizing the need for accurate automatic malware detection systems. In this paper, we design and evaluate a system to detect whether a traffic object (biflow) is benign or malicious, possibly understanding its specific nature in the latter case. The proposal leverages machine learning in a hierarchical fashion, in order to capitalize on the structure of the traffic data and reap both design and performance benefits. The comparative evaluation - performed considering the public CICAndMal2017 dataset - assesses the performance of several machine-learning algorithms and shows that the hierarchical approach leads to improved performance w.r.t. the flat approach (up to +0.18 F1-score, depending on the granularity of the analysis and the machine learning algorithm considered). In addition, we evaluate the impact of a reject-option mechanism, showing the trade-off between classification accuracy and ratio of classified biflows.
Hierarchical Classification of Android Malware Traffic / Bovenzi, G.; Persico, V.; Pescape', A.; Piscitelli, A.; Spadari, V. - (2022), pp. 1354-1359. (Paper presented at the 21st IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2022, held in chn in 2022) [10.1109/TrustCom56396.2022.00191].
Use this identifier to cite or link to this document: https://hdl.handle.net/11588/953512