The Intent in Android plays an important role in inter-process and intra-process communications. The implicit Intent that an application could accept are declared in its manifest and are amongst the easiest feature to extract from an apk. Implicit Intents could even be extracted online and in real-time. So far neither the feasibility of developing an Intrusion Detection System solely on implicit Intent has been explored, nor are any benchmarks available of a malware classifier that is based on implicit Intent alone. We demonstrate that despite Intent is implicit and well declared, it can provide very intuitive insights to distinguish malicious from non-malicious applications. We conducted exhaustive experiments with over 40 different end-to-end Deep Learning configurations of Auto-Encoders and Multi-Layer-Perceptron to create a benchmark for a malware classifier that works exclusively on implicit Intent. Using the results from the experiments we create an intrusion detection system using only the implicit Intents and end-to-end Deep Learning architecture. We obtained an area-under-curve statistic of 0.81, and accuracy of 77.2% along with false-positive-rate of 0.11 on Drebin dataset.
翻译:Android In Intent 的隐含意图,即一个应用程序可以接受的隐隐含意图,在进程间和过程内通信中起着重要作用。一个应用程序可以接受的隐含意图,是在其表面中宣布的,并且是从 apk 中提取的最容易特征之一。隐含意图甚至可以在线和实时提取。隐含意图,甚至可以在线和实时地提取。迄今为止,尚未探索开发仅针对隐隐含意图的入侵探测系统的可行性,也未探讨仅仅针对隐含意图的内隐含意图,也没有建立仅以隐隐含意图本身本身为基础的恶意分类器的任何基准。我们证明,尽管有意是隐含和明确宣布的,它能够提供非常直觉的洞知的洞见,将恶意与非恶意应用区别开来。我们与40多个自动- Enckers 和多-Layer-Perceptron的不同端到端到端深学习结构进行了彻底实验,以建立专以内隐隐含意图为基础的内入侵探测系统的可行性,也没有任何基准。我们利用实验结果创建了一个只使用隐含意图和最后到深学习结构的入侵探测系统,我们只使用隐含意图,我们只使用隐含意图和最后到最后到最后的内深学习结构,我们获得了0.1美元0.11(771)的域)DBR5GR5GRR5的772的0.1的772的0.1的域数据精确的域数据,我们0.1的0.1的0.1的域数据。