Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

Haoyu Ma; Jianwen Tian; Kefan Qiu; David Lo; Debin Gao; Daoyuan Wu; Chunfu Jia; Thar Baker

doi:10.1109/TII.2020.3038745

Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

Haoyu Ma, Jianwen Tian, Kefan Qiu, David Lo, Debin Gao, Daoyuan Wu, Chunfu Jia, Thar Baker

School of Arch, Tech and Eng

Research output: Contribution to journal › Article › peer-review

Abstract

Android as an operating system is now increasingly being adopted in industrial information systems, especially with cyber-physical systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats, therefore, call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.

Original language	English
Article number	9262070
Pages (from-to)	5840-5850
Number of pages	11
Journal	IEEE Transactions on Industrial Informatics
Volume	17
Issue number	8
DOIs	https://doi.org/10.1109/TII.2020.3038745
Publication status	Published - 17 Nov 2020

Bibliographical note

Funding Information:
Manuscript received August 28, 2020; revised November 3, 2020; accepted November 11, 2020. Date of publication November 17, 2020; date of current version May 3, 2021. This work was supported in part by the National Research Foundation, Singapore under its AI Singapore Programme under Grant AISG Award No: AISG-100E-2018-004, in part by the National Natural Science Foundation of China under Grants 61702399 and 61972215, and in part by the National Key R&D Program of China under Grant 2018YFA0704703. Paper no. TII-20-4091. (Corresponding author: Chunfu Jia.) Haoyu Ma is with the School of Information Systems, Singapore Management University, Singapore and the School of Cyber Engineering, Xidian University, Xi’an 710071, China (e-mail: hyma@xidian.edu.cn).

Publisher Copyright:
© 2005-2012 IEEE.

Keywords

Android applications
artificial intelligence
behavior surveillance
cyber-physical systems
industrial information systems

Access to Document

10.1109/TII.2020.3038745

Cite this

@article{1cb64faa1d3f41c2abcc84f2c8426225,

title = "Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems",

abstract = "Android as an operating system is now increasingly being adopted in industrial information systems, especially with cyber-physical systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats, therefore, call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.",

keywords = "Android applications, artificial intelligence, behavior surveillance, cyber-physical systems, industrial information systems",

author = "Haoyu Ma and Jianwen Tian and Kefan Qiu and David Lo and Debin Gao and Daoyuan Wu and Chunfu Jia and Thar Baker",

note = "Funding Information: Manuscript received August 28, 2020; revised November 3, 2020; accepted November 11, 2020. Date of publication November 17, 2020; date of current version May 3, 2021. This work was supported in part by the National Research Foundation, Singapore under its AI Singapore Programme under Grant AISG Award No: AISG-100E-2018-004, in part by the National Natural Science Foundation of China under Grants 61702399 and 61972215, and in part by the National Key R&D Program of China under Grant 2018YFA0704703. Paper no. TII-20-4091. (Corresponding author: Chunfu Jia.) Haoyu Ma is with the School of Information Systems, Singapore Management University, Singapore and the School of Cyber Engineering, Xidian University, Xi{\textquoteright}an 710071, China (e-mail: hyma@xidian.edu.cn). Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2020",

month = nov,

day = "17",

doi = "10.1109/TII.2020.3038745",

language = "English",

volume = "17",

pages = "5840--5850",

journal = "IEEE Transactions on Industrial Informatics",

issn = "1551-3203",

number = "8",

}

TY - JOUR

T1 - Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

AU - Ma, Haoyu

AU - Tian, Jianwen

AU - Qiu, Kefan

AU - Lo, David

AU - Gao, Debin

AU - Wu, Daoyuan

AU - Jia, Chunfu

AU - Baker, Thar

N1 - Funding Information: Manuscript received August 28, 2020; revised November 3, 2020; accepted November 11, 2020. Date of publication November 17, 2020; date of current version May 3, 2021. This work was supported in part by the National Research Foundation, Singapore under its AI Singapore Programme under Grant AISG Award No: AISG-100E-2018-004, in part by the National Natural Science Foundation of China under Grants 61702399 and 61972215, and in part by the National Key R&D Program of China under Grant 2018YFA0704703. Paper no. TII-20-4091. (Corresponding author: Chunfu Jia.) Haoyu Ma is with the School of Information Systems, Singapore Management University, Singapore and the School of Cyber Engineering, Xidian University, Xi’an 710071, China (e-mail: hyma@xidian.edu.cn). Publisher Copyright: © 2005-2012 IEEE.

PY - 2020/11/17

Y1 - 2020/11/17

N2 - Android as an operating system is now increasingly being adopted in industrial information systems, especially with cyber-physical systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats, therefore, call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.

AB - Android as an operating system is now increasingly being adopted in industrial information systems, especially with cyber-physical systems (CPS). This also puts Android devices onto the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats, therefore, call for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions from the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the amount of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.

KW - Android applications

KW - artificial intelligence

KW - behavior surveillance

KW - cyber-physical systems

KW - industrial information systems

UR - http://www.scopus.com/inward/record.url?scp=85097173751&partnerID=8YFLogxK

U2 - 10.1109/TII.2020.3038745

DO - 10.1109/TII.2020.3038745

M3 - Article

SN - 1551-3203

VL - 17

SP - 5840

EP - 5850

JO - IEEE Transactions on Industrial Informatics

JF - IEEE Transactions on Industrial Informatics

IS - 8

M1 - 9262070

ER -

Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this