Mobile banking security has witnessed significant R&D attention from both financial institutions and academia.This is due to the growing number of mobile baking applications and their reachability and usefulness t...Mobile banking security has witnessed significant R&D attention from both financial institutions and academia.This is due to the growing number of mobile baking applications and their reachability and usefulness to society.However,these applications are also attractive prey for cybercriminals,who use a variety of malware to steal personal banking information.Related literature in mobile banking security requiresmany permissions that are not necessary for the application’s intended security functionality.In this context,this paper presents a novel efficient permission identification approach for securing mobile banking(MoBShield)to detect and prevent malware.A permission-based dataset is generated for mobile banking malware detection that consists large number of malicious adware apps and benign apps to use as training datasets.The dataset is generated from 1650 malicious banking apps of the Canadian Institute of Cybersecurity,University of New Brunswick and benign apps from Google Play.A machine learning algorithm is used to determine whether amobile banking application ismalicious based on its permission requests.Further,an eXplainable machine learning(XML)approach is developed to improve trust by explaining the reasoning behind the algorithm’s behaviour.Performance evaluation tests that the approach can effectively and practically identify mobile banking malware with high precision and reduced false positives.Specifically,the adapted artificial neural networks(ANN),convolutional neural networks(CNN)and XML approaches achieve a higher accuracy of 99.7%and the adapted deep neural networks(DNN)approach achieves 99.6%accuracy in comparison with the state-of-the-art approaches.These promising results position the proposed approach as a potential tool for real-world scenarios,offering a robustmeans of identifying and thwarting malware inmobile-based banking applications.Consequently,MoBShield has the potential to significantly enhance the security and trustworthiness of mobile banking platforms,mitigating the risks posed by cyber threats and ensuring a safer user experience.展开更多
基金the Deanship of Scientific Research(DSR),King Khalid University,Abha,under Grant No.RGP.1/260/45The author,therefore,gratefully acknowledges the DSR’s technical and financial support.
文摘Mobile banking security has witnessed significant R&D attention from both financial institutions and academia.This is due to the growing number of mobile baking applications and their reachability and usefulness to society.However,these applications are also attractive prey for cybercriminals,who use a variety of malware to steal personal banking information.Related literature in mobile banking security requiresmany permissions that are not necessary for the application’s intended security functionality.In this context,this paper presents a novel efficient permission identification approach for securing mobile banking(MoBShield)to detect and prevent malware.A permission-based dataset is generated for mobile banking malware detection that consists large number of malicious adware apps and benign apps to use as training datasets.The dataset is generated from 1650 malicious banking apps of the Canadian Institute of Cybersecurity,University of New Brunswick and benign apps from Google Play.A machine learning algorithm is used to determine whether amobile banking application ismalicious based on its permission requests.Further,an eXplainable machine learning(XML)approach is developed to improve trust by explaining the reasoning behind the algorithm’s behaviour.Performance evaluation tests that the approach can effectively and practically identify mobile banking malware with high precision and reduced false positives.Specifically,the adapted artificial neural networks(ANN),convolutional neural networks(CNN)and XML approaches achieve a higher accuracy of 99.7%and the adapted deep neural networks(DNN)approach achieves 99.6%accuracy in comparison with the state-of-the-art approaches.These promising results position the proposed approach as a potential tool for real-world scenarios,offering a robustmeans of identifying and thwarting malware inmobile-based banking applications.Consequently,MoBShield has the potential to significantly enhance the security and trustworthiness of mobile banking platforms,mitigating the risks posed by cyber threats and ensuring a safer user experience.
