EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion
No Thumbnail Available
Access rights
openAccess
Journal Title
Journal ISSN
Volume Title
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal
View/Open full text file from the Research portal
Other link related to publication
View publication in the Research portal
View/Open full text file from the Research portal
Other link related to publication
Date
2022-06
Department
Major/Subject
Mcode
Degree programme
Language
en
Pages
15
43-57
43-57
Series
Information Fusion, Volume 82
Abstract
Android has stood at a predominant position in mobile operating systems for many years. However, its popularity and openness make it a desirable target of malicious attackers. There is an increasing need for mobile malware detection. Existing analysis methods fall into two categories, i.e., static analysis and dynamic analysis. The dynamic analysis is more effective and timely than the static one, but it incurs a high computational overhead, thus cannot be deployed in resource-constrained mobile devices. Existing studies solve this issue by outsourcing malware detection to the cloud. However, the privacy of mobile app runtime data uploaded to the cloud is not well preserved during both detection model training and malware detection. Numerous efforts have been made to preserve privacy with cryptography, which suffers from high computational overhead and low flexibility. To address these issues, in this paper, we propose an Intel SGX-empowered mobile malware detection scheme called EPMDroid. We also design a probabilistic data structure based on cuckoo filters, named CuckooTable, to effectively fuse features for detection and achieve high space efficiency. We conduct both theoretical analysis and real-world data based tests on EPMDroid performance. Experimental results show that EPMDroid can speed up malware detection by up to 43.8 times and save memory space by up to 3.7 times with the same accuracy, as compared to a baseline method.Description
Funding Information: This work is supported in part by the National Natural Science Foundation of China under Grant 62072351 ; in part by the Academy of Finland under Grant 308087 , Grant 335262 and Grant 345072 ; in part by the open research project of ZheJiang Lab, China under Grant 2021PD0AB01 ; in part by the Shaanxi Innovation Team Project, China under Grant 2018TD-007 ; and in part by the 111 Project, China under Grant B16037 , as well as Huawei Technologies Group Co., Ltd, China . Funding Information: This work is supported in part by the National Natural Science Foundation of China under Grant 62072351; in part by the Academy of Finland under Grant 308087, Grant 335262 and Grant 345072; in part by the open research project of ZheJiang Lab, China under Grant 2021PD0AB01; in part by the Shaanxi Innovation Team Project, China under Grant 2018TD-007; and in part by the 111 Project, China under Grant B16037, as well as Huawei Technologies Group Co. Ltd, China. Publisher Copyright: © 2021
Keywords
Data fusion, Intel SGX, Malware detection, Privacy preservation, Probabilistic data structures
Other note
Citation
Wei, W, Wang, J, Yan, Z & Ding, W 2022, ' EPMDroid : Efficient and privacy-preserving malware detection based on SGX through data fusion ', Information Fusion, vol. 82, pp. 43-57 . https://doi.org/10.1016/j.inffus.2021.12.006