Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.

SpotCheck: On-Device Anomaly Detection for Android


In recent years the PC has been replaced by mobile devices formany security sensitive operations, both from a privacy and a financial standpoint. Therefore the stark increase in malware targeting Android, the mobile OS with the largest market share, wasbound to happen. While device vendors are taking their precautions with app-store and on-device scanning, limitations abound,mainly related to the malware signature-based detection approach.This situation calls for an additional protection layer that detects unknown malware that breaches existing countermeasures. In this work we propose SpotCheck, an anomaly detector intended to run on Android devices. It samples app executions and submits any suspicious apps to more thorough processing by malwares and boxes. We compare Kernel Principal Component Analysis(KPCA) and Variational Autoencoders (VAE) on app execution representations based on the well-known system call traces, as well as a novel approach based on memory dumps. Results show that whenusing VAE, SpotCheck attains a level of effectiveness comparable to what has been previously achieved for network anomaly detection. Even more interesting, the KPCA anomaly detector managed comparable effectiveness even for the experimental memory dump approach. Overall, these promising results present a solid platform upon which to strive for an improved design.

Authors: Mark Vella; Christian Colombo.

Conference: 13th International Conference on Security of Information and Networks.

Date of Publication: November 2020.

Publisher: ACM.

Slide 1
Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2022 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.