loading page

An ML-Based Recognizer of Exfiltration Attack over Android Platform: MLGuard
  • +3
  • Martina Morcos ,
  • Mirko Gala ,
  • Hussam Al Hamadi ,
  • sivaprasad nandyala ,
  • brian mcgillion ,
  • Ernesto Damiani
Martina Morcos
Author Profile
Mirko Gala
Author Profile
Hussam Al Hamadi
University of Dubai, University of Dubai

Corresponding Author:[email protected]

Author Profile
sivaprasad nandyala
Author Profile
brian mcgillion
Author Profile
Ernesto Damiani
Author Profile


As Android smartphones continue to rise in popularity, the number of malicious programs targeting the platform has increased dramatically. Methods for efficiently detecting and preventing the spread of Android malware have become a subject of increasing urgency. The exfiltration of sensitive data from smartphones is one of the sophisticated security threats that need to be addressed. In this paper, we analyzed the 3-grams of system calls, and developed a framework for identifying malicious Android applications that engage in network data exfiltration. Androzoo, a recently made public database, serves as the foundation for our exfiltration dataset. The majority of published works rely on data acquired from Android emulators and user input simulation. As part of our research, we collect data on the behavior of exfiltration attempts only in real-world interaction, as opposed to data from emulators or virtual environments. Using these dynamic variables, we employ cutting-edge machine learning and deep learning classifiers, including Random Forest and deep neural network. It obtains an exfiltration detection accuracy of 98.9 percent using 20s time windows for detection. In addition, we applied our trained model on Android phones and attained minimal latency and high detection accuracy for unknown exfiltration applications.