Researchers at Florida Polytechnic University have developed an artificial intelligence technique that can detect elusive malware.
The malware, remote access trojans (RATs), is found on Android devices. It’s often downloaded along with user-requested programs such as video games or sent as an attachment in phishing emails.
The research at Florida Poly could help protect users from cybercriminals who use RATs to steal personal information and control devices without detection.
Who are the researchers? They are Nesreen Dalhy, who just received her master’s degree in computer science at Florida Poly, and her computer science professor, Karim Elish, who has taught at Florida Poly for the past nine years.
As part of Dalhy’s master’s thesis, the pair spent the past year finding better ways to detect RATs.
Why hunt RATs? “Remote access trojans are a significant cybersecurity threat,” Dalhy said in a news release.
“They are particularly hard to detect, remain persistent and attempt to steal as much of your data as possible. A lot of the existing research tries to identify general types of malware, but there isn’t much that specifically tries to detect RATs.”
“Android devices are the most widely used globally, making them a prime target for cybercriminals,” Elish said. “Protecting users from hidden malware like RATs is crucial to preserving digital privacy and security.”
RATs “can silently run in the background of your phone and spy on you without you realizing it,” Dalhy said.
“Their stealth lies in bypassing permissions and mimicking legitimate app behavior,” Elish said.
What’s the solution? Dalhy and Elish trained a machine learning model to focus only on narrow samples of malware to identify and differentiate specific remote access trojan patterns.
Then they were able to analyze which malware exhibited RAT behavior.
Elish, an expert on Android security, said three models they developed detected RATs with 99% accuracy.
What about Apple devices? Elish said they’re open to expanding their scope to resolve the same issue on Apple devices.
“Apple’s closed ecosystem presents unique challenges in terms of data access, so it would require a different methodology,” he explained.
What’s Next: Dalhy and Elish presented their research at the industry-leading IEEE/ACIS International Conference on Software Engineering, Management and Applications in May.
“We aim to integrate our model into a lightweight mobile security app or application programming interface that can assist antivirus platforms. A prototype could be ready within 12 to 18 months,” Elish said.
“Malware is evolving rapidly. Academic-industry collaboration is essential to stay ahead. Our work is open to partnership.”
Dalhy said her immediate focus is also on finding an entry-level cybersecurity job, such as a security analyst position.
Stephanie Claytor is a reporter for LkldNow, a nonprofit newsroom providing independent local news for Lakeland. Read at LkldNow.com.