Cyber Security of Mobile Applications Using

Artificial Intelligence
2022 International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI) | 979-8-3503-3274-2/22/$31.00 ©2022 IEEE | DOI: 10.1109/EICEEAI56378.2022.10050484

Dr.Tariq Bishtawi Mrs.Reem Alzu’bi

Telecommunication and Computer Networks Engineering Telecommunication and Computer Networks Engineering
Arab University College of Technology (AUCT) Arab University College of Technology (AUCT)
Jordan, Amman Jordan, Amman
[email protected] [email protected]

Abstract- In recent years, the number of cyber- since they may hold a significant quantity of private,
attacks has increased dramatically. Due to the critical, and sensitive information. Mobile technology
widespread use of mobile devices, as well as the has assimilated into society and, for some, has become
increasing popularity of mobile services, there are a necessary tool. However, these gadgets have more
serious challenges in the field of cybersecurity. vulnerabilities due to their intricate design and
improved functionality. Mobile technology is an
Traditional cybersecurity systems fail to detect alluring, practical, and lucrative target for anyone
malware and complex unknown attacks and do not interested in attacking it due to these vulnerabilities
guarantee user privacy is preserved. and the growing market share. If these devices are
In the field of smartphone computing, artificial hacked, both people and the community might
intelligence (AI) methods have expanded rapidly in experience severe repercussions [1]. That’s why the
recent years, often enabling devices to operate in an importance of employing modern technology AI and
intelligent manner. Security against cyber-attacks on a cyber security in protecting the information of mobile
large number of important mobile applications is a devices.
necessity in today's digital age. This paper presents Cybersecurity is a defense that guards against
how employees are using AI techniques to maintain information exposure, hackers, unauthorized access,
cybersecurity in mobile applications using machine and service disruption for computer systems,
learning (ML), deep learning (DL), and artificial networks, and electronic data. Different scholars have
neural network (ANN). offered distinct definitions of cybersecurity. Taking
This paper describes an ANN to simulate a neuron into account all the relevant concepts, Sarker et al.
in a mathematical equation, in which massive amounts (2021) proposed a generic definition of cybersecurity.
of data are read to reach the desired result. ANNs are [2] Information security, network security, operational
very useful in intrusion detection systems (IDS), security, application security, Internet of Things (IoT)
mobile application security, and privacy breaches. We security, cloud security, and infrastructure security are
will also use supervised learning techniques in all included in the definition of cybersecurity given by
cybersecurity to identify malware and protect privacy. Sarker et al. in 2021. [3] As a result, we must devise a
strategy to counter brand-new malware and cyber
Keywords - Artificial Intelligent (AI), Machine threats. One strategy that may be utilized to improve
Learning (ML), Deep Learning (DL), Artificial Neural cybersecurity is artificial intelligence (AI) (Soni,
Network (ANN), cybersecurity, Mobile applications. 2020). Two recently emerging branches of AI,
machine learning (ML) and deep learning (DL), have
I. INTRODUCTION shown to be quite successful at thwarting cyberattacks
Modern mobile devices are significantly more (Zeadally et al., 2020). [4, 5]
useful than older mobile phones and are well
incorporated into the Internet. They are being utilized John McCarthy first proposed the concept of
more and more like personal computers (PCs), which artificial intelligence (AI) in 1956; it is the science and
might make them vulnerable to dangers or hackers that engineering of creating intelligent autonomous
impact PCs that are online. Mobile devices are prime security systems. The basic goal of artificial
targets for hackers looking to take advantage of them intelligence (AI) is to teach computers to think, learn,

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.
 act, and behave intelligently and cognitively like
humans (Tuang et al., 2020). In the current digital era,
artificial intelligence (AI) offers services in a number
of fields, including computer vision, pattern
recognition, expert systems, language processing and
translation, speech recognition, biometric systems,
robotics, Internet of Things (IoT), and other related
disciplines (Shamiulla, 2019). A significant area of
computer science called artificial intelligence (AI)
works with autonomous, intelligent systems that
resemble human brains (Helm et al., 2020). [6]

AI may be used in a variety of ways to improve

mobile device cyber security. Even the invaders or Fig. 1. Mobile Applications Attacks
attackers will use new developments in information
The most common, most harmful, and most varied
comprehension design and handling, as well as in
faults are injection flaws (SQL injection, code
machine learning, will significantly enhance the
injection, XSS, XPath, etc). If there are no server-side
capability of digital security of frameworks that may
safeguards in place, they entail an attacker submitting
use them.
back-end requests or orders to run malicious malware.
This study focuses on methods that used AI in For instance, in a SQL injection attack, an attacker can
cybersecurity on mobile devices to support and extract database records or change the contents of the
improve the degree of privacy and security of sensitive database by modifying a SQL query. [8]
and private information on mobile devices from
Additionally, IDOR (Insecure Direct Object
attackers or hackers. [7] The paper consists of sections
Reference) attacks are predicated on the same kind of
arranged in the following order: Section II presents the
vulnerability. By depending on the lack of server-side
problem formulation, the papers are discussed in the
permissions management, a user has the ability to alter
literature review in Section III, Section IV explains the
an application's behavior, host malware, steal, edit, or
methods and techniques based on AI in cybersecurity
destroy sensitive data.
on mobile devices, Section V concludes the paper.
Different sorts of data (cookies, text files, settings,
II. PROBLEM FORMULATION etc.) can be stored by a mobile application using a
Due to the processing of sensitive data, access to variety of storage media, including a SQL database,
personal data, and the potential for remote device data warehouse, XML file, PLIST file, SD card, and
control, mobile applications are among the elements others. To ensure the secrecy of the sensitive data
that must be secure. They are widely utilized for IoT utilized in the application, effective encryption is a
devices, and many FinTech, HealthTech, and must.
advanced businesses from other industries rely on
them as the foundation of their business models. For Man-in-the-middle attacks programs rely on server
this, there are many attack resources on mobile connectivity for their functionality. An application
applications for various purposes based on the attack delivers or receives many sorts of data, such as login
target as in fig. 1. credentials, user session data, personal data, financial
data, etc., depending on the needs of the company. The
The server is a crucial component of how an protocol used for client-server communication is
application works, making it a popular target for HTTP. However, because this protocol lacks any
assaults. These attacks frequently succeed because of internal security measures, messages might possibly
flaws in the setup or controls of the server. Numerous be intercepted, altered, or diverted.
holes can be exploited in the case of improper
configuration or if controls are not implemented, The majority of mobile applications make use of
which might result in the breach of data transmission third-party libraries, frameworks, APIs, etc. The
or even the server being taken over by hostile actors. amount of time between the design of an application

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.
 and its release is significantly decreased by the usage One of the most important objectives of our study
of these components. However, they may provide a in this paper is to focus on the security of smart
serious security risk due to the potential for a number applications, which aims to provide an overview of
of vulnerabilities, including injections, XSS, how artificial intelligence-based modeling in addition
misconfiguration, etc. [9] to protecting mobile phone data by looking at the
different technologies that can be used to develop and
Our primary goal is to research modern and diverse design smart mobile applications, to improve human
methods that work well and areinterconnected in the life in various fields and protect his data.
smart modeling of artificial intelligence based on
mobile applications and data security in our time, III. LITERATURE REVIEW
especially in the environment of theInternet of Things
(IoT) and smartphones, where these devices are E. Hodo et. Al (2017) introduced a neural network-
known as one of the most important IoT devices. based method for DDoS/DOS intrusion detection on
Hence, we also present the scope of our study. IoT networks. Over 99% accuracy was shown when
Today, smartphones and various non-desktop the ANN model was verified against a simulated
applications are used in a huge variety of Internet of Things network. It was able to recognize
environments, and this employment is moving towards several attack types with success and had strong
intelligent, ubiquitous, and context-sensitive findings in terms of both true and false testing
computing. The main issue in this emerging field of approaches. [12]
research is the ability to effectively protect mobile data O. Vermesan et. al. (2012), presented the
and enhance the behavior of any application by background of Emerging Electronic Applications and
informing it of surrounding contextual information Sensors, IoT is about connecting established systems.
such as device context, social, spatial, environmental, This collaborates on two growing technologies that
temporal context, etc. Usually, by context, we refer to include wireless connectivity and smart sensors. These
any information that characterizes a situation related well-established linked technology systems are built
to the interaction between humans, applications, and on microcomputers with precise control that require no
the surrounding environment. [10] human limitations. Communications and interactions
This paper is concerned with mobile applications between humans and schematic classes contain
related to artificial intelligence, which depend on the uncovered devices that are technically advanced and
nature of contextual data, and the characteristics of used with different devices. [13]
artificial intelligence that can play an important role in In [14], the Technical Information Paper (TIP)
building an effective model in the field of suggested how limited user awareness and subsequent
cybersecurity. The reasons for using AI in mobile insecure behavior may be the most threatening
systems and applications can be summarized as vulnerabilities for mobile devices. It is important to
follows - To enable effective mobile development, understand that a mobile device is no longer just a
smartphone applications should be made as smart and phone and cannot be treated as such. Unlike the
secure environments of software that can make previous generation of cell phones that were at worst
decisions and predict future outcomes according to vulnerable to local Bluetooth hijacking, modern
users' needs. internet-connected mobile devices are vulnerable to
surreptitious scanning, identification, and exploitation
• Providing intelligent and automated services as
by hackers from anywhere on the Internet. Phil Borras.
well as complex problems in this mobile field
Many mitigation techniques for mobile devices are
by understanding real-world problems.
similar to those for computers.
• Enables more secure smartphones with
predictive analytics by looking at potential L. Cao [15] discussed “data science, which they
threats in real time. defined as an interdisciplinary field that brings
together and builds on informatics, communications,
After covering all these topics, this paper aims to
computing, statistics, management, and sociology to
provide a useful tool through which researchers and
study data and its environments, to transform data into
cybersecurity professionals can study the Internet of
insights and decisions by following data to cognitive
Things in the context of cybersecurity and artificial
reasoning to wisdom and methodology.” As a high-
intelligence in order to secure IoT systems. [11]

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.
 level statement, it is the study of data to provide data- The amount of vulnerabilities that attackers may
driven solutions to specific problems, it is also known exploit, including zero-day exploits, has also
as "data science". expanded with the rising usage of technology,
particularly technologies with lower security
Various data sources have been taken into requirements like mobile devices and associated apps.
consideration to conduct a number of research on Attackers frequently utilize artificial intelligence to
mobile systems and services. For example, context swiftly uncover security holes in order to exploit them
data related to a user's phone call activities as well as far faster than developers can repair them. [17]
metadata related to the call are all stored in the phone
call logs. Other types of contextual records such as the B. Deep learning Modeling
user's social relationship and the location of the caller
identified by the individual's unique dial-up number Through the process of "machine learning," a
can also be stored by smartphones as well. computer may analyze and make use of fresh data
without the need for constant human input. A digital
IV. RESEARCH METHODS platform can analyze and "understand" data from
This research focuses on three methods: machine enormous information repositories using sophisticated
learning, artificial neural network, and deep learning. algorithms, which enables it to draw certain
conclusions and spot patterns.
A. Machine learning modeling
The system examines these patterns, sorts them
Mobile devices can learn, explore, and visualize into categories based on certain standards, and then
outcomes automatically without user intervention draws inferences or makes assumptions. To keep data,
thanks to machine learning (ML), which includes deep secure on most levels, typical machine learning
neural network learning. In order to offer mobile involves teaching a computer to decipher information
consumers individualized ideas and that humans have previously classified. The field of
recommendations, machine learning algorithms, for machine learning is now the most important one in
instance, can assess target user activity patterns cybersecurity driven by AI.
utilizing phone history data. A set of data about the
target applications from multiple linked sources, such Since deep learning is a subset of machine
as phone records, sensors, external sources, etc., learning, it is at a higher level in the pyramid. The
makes up a machine learning model often used for primary distinction between them is that deep learning
developing smart apps. Supervised learning is used makes use of neural networks, a sophisticated set of
when particular target classes are chosen for access algorithms whose development was motivated by the
from a given set of inputs in order to construct a model functioning of the human brain. It's a more
utilizing the gathered data. sophisticated technology that can learn from data
without precise programming instructions. We will
Depending on the intended application and primarily concentrate on the larger field of machine
associated data characteristics, machine learning and learning as deep learning in cybersecurity now falls
deep learning approaches are helpful for developing within its purview. [18]
AI-based models to comprehend and evaluate real-
world events utilizing mobile data. As a result, The representation is changed from one more
machine learning models and associated mobile apps concrete level of the NN to the next using various
that closely reflect reality are capable of making wise modules in deep learning techniques. While the last
data-driven judgments in applications and acting in level creates the results, the first level gets the raw
accordance with user demands. [16] input data. To understand really complicated models,
it is necessary to combine numerous stages. For
To find weaknesses in a system, machine learning classification tasks that take into account the input's
may be employed. Attackers also utilize this method characteristics since they are important for
to find and exploit vulnerabilities in their target discriminating and suppressing minute fluctuations,
system, even while it might be helpful for people higher layers of representation are employed. What
seeking to safeguard a system to intelligently search matters is that feature layers automatically configure
for flaws that need patching.

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.
 themselves from data, rather than being actively built
by engineers.

The four fundamental categories for DL

approaches are reinforcement, unsupervised, semi-
supervised, and supervised learning, similar to ML
approaches. [19]

For the protection of privacy and the identification

of malware, supervised learning techniques are
frequently utilized in the field of cybersecurity.
Applications for Android have been suggested using
semi-supervised learning. While in IoT scenarios and
Fig. 3. Artificial Neural Networks
for network intrusion detection, unsupervised learning
is favored. As seen in Fig. 2, machine learning and CCNN offers a scalable and runtime-adaptable
deep learning. system in this way. The CCNN only uses new data to
train the network; it ignores the whole network's
training set of old data. This allows it to train from
desktop-platform mobility patterns to recognize port
scanning on mobile networks. This study demonstrates
that ANN port-identification scanning's and
evaluation are equivalent to those of other strategies
like decision trees. [20]

V. CONCLUSION
One of the most dangerous weaknesses of mobile
devices may be limited user awareness and resultant
unsafe conduct. Modern mobile devices that are linked
Fig. 2. Machine Learning and Deep Learning
to the internet are subject to covert scanning,
C. Artificial Neural Network (ANN) identification, and exploitation by hackers from
anywhere on the Internet.
An artificial neural network (ANN) approach is
used to simulate neurons in a mathematical equation, Our major objective was to present an overview of
reading huge amounts of data to arrive at the desired how AI may be utilized to create and decipher data-
result. ANNs are very competent in comprehending, driven smart mobile applications that can be used to
picking up on, and resolving issues in a variety of enhance people's lives. For this, we developed an AI-
fields. Additionally, it can resolve samples of based model that makes use of techniques for machine
incomplete and noisy data. ANN has been utilized in learning as well as deep learning and the idea of an
the initial phases like the warning, prevention, or artificial neural network. [21] Cybersecurity systems
detection of the cyber security architecture. For mobile have used machine learning approaches to deal with
applications, ANNs are highly helpful in intrusion these issues, although they have had little success
detection systems (IDS) and hack the security of defending against unforeseen threats. Deep learning
privacy applications. ANNs may be able to learn from technologies, on the other hand, are enhancing
previous network activity to thwart emerging attacks learning processes and showing promising outcomes
as in fig. 3. in a variety of applications, including cybersecurity.

Panchev, Lebiere, and Fahlman used the Cascade REFERENCES

Correlation Neural Network (CCNN) in their [1] V. Ganesan, (2022) "Machine Learning in Mobile
cybersecurity research to gradually add more hidden Applications", International Journal of Computer
units to the hidden layer. This technique expands the Science and Mobile Computing, vol. 11, no. 2.
network with new hidden nodes as new events are
discovered, training those nodes using the recently [2] I. Sarker, M. Hoque, M. Uddin and T. Alsanoosy,
gathered data. (2021) "Mobile Data Science and Intelligent Apps:

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.
 Concepts, AI-Based Modeling and Research [12] Hodo E.; Bellekens X.; Hamilton A.; Dubouilh
Directions", Mobile Networks and Applications, vol. P. L. , (2017) Threat analysis of IoT networks using
26, no. 1, pp. 285-303. artificial neural network intrusion detection system.
In Proceedings of the International Symposium on
[3] Sarker I.H., Badsha S., Alqahtani H., Watters P., Networks, Computers and Communications
(2021) Cybersecurity data science: an overview from (ISNCC), Yasmine Hammamet, Tunisia; pp. 1–6.
machine learning perspective. JournalofBig Data7(1).
[13] O. Vermesan, P. Friess, and P. Guillemin, (2012)
[4] Soni, V. D. (2020). Challenges and Solution for “Internet of things strategic research roadmap,” Global
Artificial Intelligence in Cybersecurity of the USA. Technological and Societal Trends, vol. 1, pp. 9–52.
[5] S. Zeadally, E. Adi, Z. Baig and I. A. Khan, (2020) [14] Paul Ruggiero and Jon Foote, (2011), "Technical
"Harnessing Artificial Intelligence Capabilities to Information Paper: Cyber Threats to Mobile Devices".
Improve Cybersecurity", in IEEE Access, vol. 8, pp.
23817-23837. [15] Cao L. (2017) Data science: a comprehensive
overview. ACM. Computing Surveys (CSUR)50(3):43
[6] Helm J. M., Swiergosz A. M., Haeberle H. S.,
Karnuta J. M., (2020). Machine learning and artificial [16] Kivimaa, J., Ojamaa, A., & Tyugu, E. (2010).
intelligence: definitions, applications, and future Graded security expert system. In International
directions. Current reviews in musculoskeletal Workshop on Critical Information Infrastructures
medicine, 13(1). Security (pp. 279-286).

[7] X. Xu, Q. Liu, X. Zhang, J. Zhang, L. Qi, and W. [17] Murat Yesilyurt, Yildiray Yalman, (2016),
Dou, (2019) “A blockchain-powered crowdsourcing "Security Threats on Mobile Devices and their Effects:
method with privacy preservation in mobile Estimations for the Future", International Journal of
environment,” IEEE Transactions on Computational Security and Its Applications Vol. 10, No. 2, pp.13-26.
Social Systems, vol. 6, no. 6, pp. 1407–1419.
[18] M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and
[8] Eva Rodríguez, Beatriz Otero, Norma Gutiérrez H. Janicke, (2020) “Deep learning for cyber security
and Ramon Canal, (2021) " A Survey of Deep intrusion detection: approaches, datasets, and
Learning Techniques for Cybersecurity in Mobile comparative study,” Journal of Information Security
Networks " in IEEE Communications Surveys & and Applications, vol. 50, p.
Tutorials, vol. 18, no. 2, pp. 1686-1695.
[19] S. Zeadally, E. Adi, Z. Baig and I. A. Khan, (2020)
[9] Soni, V. D. (2020). Challenges and Solution for "Harnessing Artificial Intelligence Capabilities to
Artificial Intelligence in Cybersecurity of the USA. Improve Cybersecurity", in IEEE Access, vol. 8, pp.
Available at SSRN 3624487. 23817-23837.

[10] Sarker I.H., Badsha S., Alqahtani H., Watters P., [20] Panchev C., Dobrev P., Nicholson J. (2014).
(2021) Cybersecurity data science: an overview from Detecting port scans against mobile devices with neural
machine learning perspective. JournalofBig Data7(1). networks and decision trees. In International
Conference on Engineering Applications of Neural
[11] Lu X., Pan Z., Xian H. (2020) An integrity Networks (pp. 175-182).
verification scheme of cloud storage for internet-of-
things mobile terminal devices. Comput. Secur. 92, [21] Technical Information Paper, (2010) Cyber Threats
101686. to Mobile Devices, TIP-10-105-01 [Online] Available:
http://www.us-cert.gov/reading_room/TIP10-105-01.pdf

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY SURATHKAL. Downloaded on October 15,2023 at 12:55:36 UTC from IEEE Xplore. Restrictions apply.