06-05-2025
RIT Dubai research aims to boost security for Android users - Middle East Business News and Information
Study aids the detection of riskware to help reduce cyberattacks
A research project led by the Rochester Institute of Technology (RIT) of Dubai has provided critical insights into Android's malware ecosystem, to help boost security and protect users from cyberattacks. The project is expected to help improve the detection and prevention of cyber threats and raise awareness among users on how they can better safeguard their devices.
Conducted by RIT Dubai Professor of Computing Security, Dr. Mohammed Al Ani, in collaboration with Abu Dhabi University faculty, the research looked specifically at riskware, which is one of the major security challenges for Android systems. The project deployed explainable machine learning technology to cluster riskware families based on their behaviors.
Speaking about the rationale for the project, Dr. Al Ani said, 'The Android operating system has become increasingly popular, and due to its open-source nature and significant market share, Android poses an attractive target for malicious actors. Although riskware constitutes a considerable portion of Android's malware vulnerabilities, it has not been studied as extensively as other types of malware such as ransomware and trojans.'
He continued, 'Riskware is usually used in one stage of a larger attack; it is a tool that provides a gateway to allow attackers to gain more access than they should, by using applications that look benign but can be misused. Until now, most studies have focussed on the final stages of the attack, but if threats can be detected in the earlier stages there is more opportunity to intervene, which is why we wanted to explore this under-researched area.'
Explaining the threats that riskware can present, Dr. Al Ani said, 'Riskware refers to applications that may pose a security threat due to their vulnerability and potential for misuse. For example, you might download a simple application like a daily planner, but if it is granted access to a lot of additional information such as contacts and photos, it can download more malicious malware that could infect your device with ransomware or use it to send spam.'
The research project applied a unique blend of techniques, never previously used in combination, to discover how different families of malware act. Clustering the families based on behaviors rather than codes, the study explored differentiating characteristics, such as how much memory they consume and how much information they send and receive over the Internet. The resulting paper, 'Behavioral Analysis of Android Riskware Families Using Clustering and Explainable Machine Learning', delivers new insights in the fight against malware.
While the primary goal of the research is to help developers build more robust protection and detection system, Dr. Al Ani also hopes that it will help to raise public awareness of the threats. He concluded, 'Attackers are constantly changing their techniques, and consumers need to be vigilant when downloading applications. Users should be suspicious if an application asks for access to other content on the device that it does not need to fulfil its function. It's very important to check that the application is from a trusted source before downloading and granting additional access.'