Android as an operating system is increasingly being adopted in industrial information systems, especially in cyber-physical systems (CPS). This puts Android devices on the front line of handling security-related data and conducting sensitive behaviors, which could be misused by the increasing number of polymorphic and metamorphic malicious applications targeting the platform. The existence of such malware threats therefore calls for more accurate identification and surveillance of sensitive Android app behaviors, which is essential to the security of CPS and Internet of Things (IoT) devices powered by Android. Nevertheless, achieving dynamic app behavior monitoring and identification on real CPS powered by Android is challenging because of restrictions imposed by the security and privacy model of the platform. In this article, the authors investigate how the latest advances in deep learning could address this security problem with better accuracy. Specifically, a deep learning engine is proposed that detects sensitive app behaviors by classifying patterns of system-wide statistics, such as available storage space and transmitted packet volume, using a customized deep neural network based on existing models called Encoder and ResNet. Meanwhile, to handle resource limitations on typical CPS and IoT devices, sparse learning is adopted to reduce the number of valid parameters in the trained neural network. Evaluations show that the proposed model outperforms a well-established group of baselines on time series classification in identifying sensitive app behaviors with background noise and the targeted behaviors potentially overlapping.
Bibliographical note
Funding Information:
Manuscript received August 28, 2020; revised November 3, 2020; accepted November 11, 2020. Date of publication November 17, 2020; date of current version May 3, 2021. This work was supported in part by the National Research Foundation, Singapore under its AI Singapore Programme under Grant AISG Award No: AISG-100E-2018-004, in part by the National Natural Science Foundation of China under Grants 61702399 and 61972215, and in part by the National Key R&D Program of China under Grant 2018YFA0704703. Paper no. TII-20-4091. (Corresponding author: Chunfu Jia.) Haoyu Ma is with the School of Information Systems, Singapore Management University, Singapore and the School of Cyber Engineering, Xidian University, Xi’an 710071, China (e-mail: firstname.lastname@example.org).
© 2005-2012 IEEE.
- Android applications
- artificial intelligence
- behavior surveillance
- cyber-physical systems
- industrial information systems