A Non-Intrusive Machine Learning Solution for Malware Detection and Data Theft Classification in Smartphones

TL;DR

This paper presents a non-intrusive machine learning approach that detects malware in smartphones and classifies stolen data types with high accuracy, using Android usage data from the SherLock framework.

Contribution

It introduces a novel, accessible ML solution for simultaneous malware detection and data theft classification on smartphones, utilizing publicly available Android usage data.

Findings

Less than 9% inaccuracy in malware detection

83% certainty in data theft classification

Effective on real-world multi-user data

Abstract

Smartphones contain information that is more sensitive and personal than those found on computers and laptops. With an increase in the versatility of smartphone functionality, more data has become vulnerable and exposed to attackers. Successful mobile malware attacks could steal a user's location, photos, or even banking information. Due to a lack of post-attack strategies firms also risk going out of business due to data theft. Thus, there is a need besides just detecting malware intrusion in smartphones but to also identify the data that has been stolen to assess, aid in recovery and prevent future attacks. In this paper, we propose an accessible, non-intrusive machine learning solution to not only detect malware intrusion but also identify the type of data stolen for any app under supervision. We do this with Android usage data obtained by utilising publicly available data collection framework- SherLock. We test the performance of our architecture for multiple users on real-world data collected using the same framework. Our architecture exhibits less than 9% inaccuracy in detecting malware and can classify with 83% certainty on the type of data that is being stolen.