Malwares are a major threat to the security of mobile devices, and Machine Learning (ML) is a widespread approach to automatically detect them. However, running ML analysis pipelines can be excessively burdensome for energy-constrained mobile devices. On the other hand, completely off-loading all the analysis to a remote server can introduce unacceptable communication overheads and delays in the detection process. In this paper, we propose a multilevel approach for malware detection on mobile devices that combines a lightweight local analysis of static features with a more computationally expensive remote analysis of dynamic features, through the adoption of ML methods. However, the effectiveness of automatic malware detection systems based on ML is often limited by unforeseen variations in the statistical characteristics of the observed data. This phenomenon, known as concept drift, can lead to a degradation of the performance of ML models over time. The proposed malware detection system is equipped with self-evaluation capabilities, enabling it to detect the occurrence of periods when its predictions become unreliable due to concept drift so that appropriate response strategies can be activated. In particular, when such critical events occur, the self-evaluation agent triggers the execution of an additional layer of analysis, hosted by a remote server, which allows the system to react to the unexpected reduction in its detection capabilities. The computational cost of the detection process is minimized by limiting the remote analysis to only those samples for which the analysis performed on-board the mobile device is likely to incorrectly classify the app.
Augello, A., De Paola, A., Lo Re, G. (2025). Hybrid Multilevel Detection of Mobile Devices Malware Under Concept Drift. JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 33(2) [10.1007/s10922-025-09906-3].
Hybrid Multilevel Detection of Mobile Devices Malware Under Concept Drift
Augello, Andrea; De Paola, Alessandra; Lo Re, Giuseppe
2025-01-01
File | Size | Format |
---|---|---|
s10922-025-09906-3.pdf (open access; type: publisher's version) | 1.49 MB | Adobe PDF |