Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/3213344.3213347acmconferencesArticle/Chapter ViewAbstractPublication PageseurosysConference Proceedingsconference-collections
research-article

Enabling GPU-assisted Antivirus Protection on Android Devices through Edge Offloading

Published: 10 June 2018 Publication History

Abstract

Antivirus software are the most popular tools for detecting and stopping malicious or unwanted files. However, the performance requirements of traditional host-based antivirus make their wide adoption to mobile, embedded, and hand-held devices questionable. Their computational- and memory-intensive characteristics, which are needed to cope with the evolved and sophisticated malware, makes their deployment to mobile processors a hard task. Moreover, their increasing complexity may result in vulnerabilities that can be exploited by malware.
In this paper, we first describe a GPU-based antivirus algorithm for Android devices. Then, due to the limited number of GPU-enabled Android devices, we present different architecture designs that exploit code offloading for running the antivirus on more powerful machines. This approach enables lower execution and memory overheads, better performance, and improved deployability and management. We evaluate the performance, scalability, and efficacy of the system in several different scenarios and setups. We show that the time to detect a malware is 8.4 times lower than the typical local execution approach.

References

[1]
Aafer, Y., Du, W., and Yin, H. Droidapiminer: Mining api-level features for robust malware detection in android. In International conference on security and privacy in communication systems (2013).
[2]
Anand, S., Naik, M., Harrold, M. J., and Yang, H. Automated concolic testing of smartphone apps. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (2012).
[3]
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., and Siemens, C. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. In Ndss (2014).
[4]
Bremler-Barr, A., Harchol, Y., Hay, D., and Koral, Y. Deep Packet Inspection As a Service. In Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies (2014), CoNEXT.
[5]
Canfora, G., Medvet, E., Mercaldo, F., and Visaggio, C. A. Acquiring and analyzing app metrics for effective mobile malware detection. In Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics (2016).
[6]
Chun, B., Ihm, S., Maniatis, P., Naik, M., and Patti, A. CloneCloud: Elastic Execution Between Mobile Device and Cloud. Proceedings of the sixth conference on Computer systems (2011).
[7]
Dai, S., Tongaonkar, A., Wang, X., Nucci, A., and Song, D. Networkprofiler: Towards automatic fingerprinting of android apps. In Proceedings of INFOCOM (2013).
[8]
Duato, J., Pena, A. J., Silla, F., Mayo, R., and Qintana-Ort, E. S. rCUDA: Reducing the number of GPU-based accelerators in high performance clusters. In Proceedings of the 2010 International Conference on High Performance Computing and Simulation (2010).
[9]
Feng, Y., Bastani, O., Martins, R., Dillig, I., and Anand, S. Automated synthesis of semantic malware signatures using maximum satisfiability. arXiv preprint arXiv:1608.06254 (2016).
[10]
Flores, H., Su, X., Kostakos, V., Ding, A. Y., Nurmi, P., Tarkoma, S., Hui, P., and Li, Y. Large-scale offloading in the Internet of Things. In 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (2017).
[11]
Gascon, H., Yamaguchi, F., Arp, D., and Rieck, K. Structural detection of android malware using embedded call graphs. In Proceedings of the 2013 ACM workshop on Artificial intelligence and security (2013).
[12]
Kim, H., Smith, J., and Shin, K. G. Detecting energy-greedy anomalies and mobile malware variants. In Proceedings of the 6th international conference on Mobile systems, applications, and services (2008).
[13]
Kosta, S., Aucinas, A., Hui, P., Mortier, R., and Zhang, X. ThinkAir: Dynamic resource allocation and parallel execution in the cloud for mobile code offloading. In Proceedings of INFOCOM (2012).
[14]
Liu, L., Yan, G., Zhang, X., and Chen, S. Virusmeter: Preventing your cellphone from spies. In International Workshop on Recent Advances in Intrusion Detection (2009).
[15]
Machiry, A., Tahiliani, R., and Naik, M. Dynodroid: An input generation system for android apps. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (2013).
[16]
Mao, Y., Zhang, J., and Letaief, K. B. Dynamic Computation Offloading for Mobile-Edge Computing with Energy Harvesting Devices. IEEE Journal on Selected Areas in Communications (2016).
[17]
Montella, R., Ferraro, C., Kosta, S., Pelliccia, V., and Giunta, G. Enabling android-based devices to high-end GPGPUs, vol. 10048 LNCS. 2016.
[18]
Montella, R., Kosta, S., Oro, D., Vera, J., Fernández, C., Palmieri, C., Di Luccio, D., Giunta, G., Lapegna, M., and Laccetti, G. Accelerating Linux and Android applications on low-power devices through remote GPGPU offloading. Concurrency Computation (2017).
[19]
Oberheide, J., Cooke, E., and Jahanian, F. CloudAV: N-version Antivirus in the Network Cloud. In Proceedings of the 17th Conference on Security Symposium (2008), SS.
[20]
Portokalidis, G., Homburg, P., Anagnostakis, K., and Bos, H. Paranoid Android: versatile protection for smartphones. In Proceedings of the 26th Annual Computer Security Applications Conference (2010).
[21]
Reiter, A., and Zefferer, T. Flexible and secure resource sharing for mobile augmentation systems. In Proceedings - 2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, MobileCloud 2016 (2016).
[22]
Satyanarayanan, M., Bahl, V., Caceres, R., and Davies, N. The Case for VM-based Cloudlets in Mobile Computing. IEEE Pervasive Computing (2009).
[23]
Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E. P., and Ioannidis, S. Gnort: High Performance Network Intrusion Detection Using Graphics Processors. In Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (2008).
[24]
Vasiliadis, G., and Ioannidis, S. GrAVity: A Massively Parallel Antivirus Engine. In Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (2010), RAID.
[25]
Vasiliadis, G., Polychronakis, M., and Ioannidis, S. MIDeA: a multi-parallel intrusion detection architecture. In Proceedings of the 18th ACM conference on Computer and Communications Security (2011).
[26]
Wu, D.-J., Mao, C.-H., Wei, T.-E., Lee, H.-M., and Wu, K.-P. DroidMat: Android malware detection through manifest and api calls tracing. In Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference (2012).
[27]
Yan, Y., Grossman, M., and Sarkar, V. JCUDA: A programmer-friendly interface for accelerating java programs with CUDA. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2009.
[28]
Yang, C., Xu, Z., Gu, G., Yegneswaran, V., and Porras, P. DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications. In European symposium on research in computer security (2014).
[29]
Yang, W., Xiao, X., Andow, B., Li, S., Xie, T., and Enck, W. AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context. In Proceedings of the 37th IEEE International Conference Software Engineering (2015).
[30]
Zhang, H., Cole, Y., Ge, L., Wei, S., Yu, W., Lu, C., Chen, G., Shen, D., Blasch, E., and Pham, K. D. ScanMe mobile: a cloud-based Android malware analysis service. ACM SIGAPP Applied Computing Review (2016).

Cited By

View all
  • (2024)Augmented future: tracing the trajectory of location-based augmented reality gaming for the next ten yearsi-com10.1515/icom-2024-001823:2(189-203)Online publication date: 14-May-2024
  • (2022)Scheduling of multiple network packet processing applications using PythiaComputer Networks10.1016/j.comnet.2022.109006212(109006)Online publication date: Jul-2022
  • (2020)TrustAVProceedings of the Tenth ACM Conference on Data and Application Security and Privacy10.1145/3374664.3375748(39-48)Online publication date: 16-Mar-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
EdgeSys'18: Proceedings of the 1st International Workshop on Edge Systems, Analytics and Networking
June 2018
65 pages
ISBN:9781450358378
DOI:10.1145/3213344
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 June 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Android
  2. CUDA
  3. Edge Computing
  4. GPGPU
  5. Malware Detection
  6. Mobile
  7. Offloading

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

MobiSys '18
Sponsor:

Acceptance Rates

Overall Acceptance Rate 10 of 23 submissions, 43%

Upcoming Conference

EuroSys '25
Twentieth European Conference on Computer Systems
March 30 - April 3, 2025
Rotterdam , Netherlands

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)0
Reflects downloads up to 09 Nov 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Augmented future: tracing the trajectory of location-based augmented reality gaming for the next ten yearsi-com10.1515/icom-2024-001823:2(189-203)Online publication date: 14-May-2024
  • (2022)Scheduling of multiple network packet processing applications using PythiaComputer Networks10.1016/j.comnet.2022.109006212(109006)Online publication date: Jul-2022
  • (2020)TrustAVProceedings of the Tenth ACM Conference on Data and Application Security and Privacy10.1145/3374664.3375748(39-48)Online publication date: 16-Mar-2020
  • (2020)D-GENE: Deferring the GENEration of Power Sets for Discovering Frequent Itemsets in Sparse Big DataIEEE Access10.1109/ACCESS.2020.29718348(27375-27392)Online publication date: 2020
  • (2020)Smartphone processor architecture, operations, and functions: current state-of-the-art and future outlook: energy performance trade-offThe Journal of Supercomputing10.1007/s11227-020-03312-zOnline publication date: 16-May-2020
  • (2019)A Novel Ad-Hoc Mobile Edge Cloud Offering Security Services Through Intelligent Resource-Aware OffloadingIEEE Transactions on Network and Service Management10.1109/TNSM.2019.293922116:4(1665-1680)Online publication date: Dec-2019
  • (2019)An Accelerated Edge Computing with a Container and Its Orchestration2019 International Conference on Information and Communication Technology Convergence (ICTC)10.1109/ICTC46691.2019.8939853(1283-1288)Online publication date: Oct-2019
  • (2018)Performance, Resilience, and Security in Moving Data from the Fog to the Cloud: The DYNAMO Transfer Framework ApproachInternet and Distributed Computing Systems10.1007/978-3-030-02738-4_17(197-208)Online publication date: 17-Oct-2018

View Options

Get Access

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media