Student-led research deploys AI to spot stealthy Android malware

Jun 05, 2025
Nesreen Dalhy and Dr. Karim Elish

Nesreen Dalhy B.S. ’23, M.S. ’25, and Dr. Karim Elish, associate professor of computer science at Florida Polytechnic University, have developed new ways to detect elusive Android malware known as remote access trojans (RATs). They presented the research at the IEEE/ACIS International Conference on Software Engineering, Management and Applications in May.

Researchers at Florida Polytechnic University have developed an artificial intelligence technique that can detect elusive malware known as remote access trojans (RATs) on Android devices. The breakthrough could help protect millions of users from cybercriminals who use RATs to steal personal information and control devices without detection.

Nesreen Dalhy B.S. ’23, M.S. ’25 worked with Dr. Karim Elish, associate professor of computer science at Florida Poly, to identify new, more effective ways to detect this malicious software as part of her master’s thesis. 

“RATs are a significant cybersecurity threat – they are particularly hard to detect, remain persistent and attempt to steal as much of your data as possible,” said Dalhy, who has bachelor’s and master’s degrees in computer science from the University. “A lot of the existing research tries to identify general types of malware, but there isn’t much that specifically tries to detect RATs.”

Dalhy, from Davenport, Florida, said RATs have been a problem for years, evolving alongside technology. They continually find new ways to stay hidden in smartphones and steal users’ personal information. Androids account for over 80% of the world’s mobile devices.

“It can silently run in the background of your phone and spy on you without you realizing it,” she said. “When you’re using an app, you’re just seeing whatever is on the screen and not everything that is going on, and that’s what RATs take advantage of.”

It’s under this cyber cloak that the malware can take control of an Android device to make calls, send messages, record audio or video, or even encrypt the device’s files and demand a ransom. 

Dalhy and Elish trained a machine learning model to focus only on narrow samples of malware to identify and differentiate specific RAT patterns. By using different threat intelligence databases, they were able to analyze which malware exhibited RAT behavior and use RAT characteristics to highlight more of the smaller samples for detection.  

Elish, an expert on Android security, said three models they developed detected almost all RATS with 99% accuracy. 

The next steps for this work will be developing a mobile application based on its results and expanding the research model to detect a broader range of malware families to improve its utility and effectiveness.

“Nesreen did amazing work that will have a lot of impact on the community,” Elish said. “I am very proud of her work and that we are able to publish this and present it at an important conference.”

Dalhy and Elish presented the research at the industry-leading IEEE/ACIS International Conference on Software Engineering, Management and Applications in May.

 

Contact:
Lydia Guzmán
Director of Communications
863-874-8557

Categories