DeepIntent: ImplicitIntent based Android IDS with E2E Deep Learning architecture

TL;DR

This paper introduces DeepIntent, an Android intrusion detection system that uses only implicit Intent data and deep learning models, achieving promising accuracy and low false positives.

Contribution

It is the first to explore malware detection solely based on implicit Intent data using end-to-end deep learning architectures.

Findings

Achieved an AUC of 0.81 in malware detection.

Attained 77.2% accuracy with a 0.11 false-positive rate.

Developed a new benchmark for implicit Intent-based malware classification.

Abstract

The Intent in Android plays an important role in inter-process and intra-process communications. The implicit Intent that an application could accept are declared in its manifest and are amongst the easiest feature to extract from an apk. Implicit Intents could even be extracted online and in real-time. So far neither the feasibility of developing an Intrusion Detection System solely on implicit Intent has been explored, nor are any benchmarks available of a malware classifier that is based on implicit Intent alone. We demonstrate that despite Intent is implicit and well declared, it can provide very intuitive insights to distinguish malicious from non-malicious applications. We conducted exhaustive experiments with over 40 different end-to-end Deep Learning configurations of Auto-Encoders and Multi-Layer-Perceptron to create a benchmark for a malware classifier that works exclusively on implicit Intent. Using the results from the experiments we create an intrusion detection system using only the implicit Intents and end-to-end Deep Learning architecture. We obtained an area-under-curve statistic of 0.81, and accuracy of 77.2% along with false-positive-rate of 0.11 on Drebin dataset.