A First Look at Android Malware Traffic in First Few Minutes

Authors: Lizhi Peng, Zhenxiang Chen, Hongbo Han, Jin Li, Qiben Yan

DOI: 10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.376

Keywords:

Abstract: With the advent of the mobile era, terminals are going through a trend of surpassing the PC to become the most popular computing device. Meanwhile, hackers and virus writers are paying close attention to terminals, especially the Android platform. The growing malwares on system has drawn attentions from both academia and the security industry. Recently, network traffic analysis has been used to identify malware. But due to the lack of a large-scale malware repository and systematic features, existing research mostly remains in theory. In this paper, we design an behavior monitoring scheme to capture data generated by samples in a real Internet environment. We 5560 first 5 minutes, analyze major compositions data. We discover that HTTP and DNS accounted for more than 99% of application layer traffic. then present related features: query, packet length, ratio downlink uplink amount, request Ad feature. Our statistical results illustrate that: (1) 70% generate malicious (2) query can be malware, detection rate reaches 69.55% 40.89% respectively, (3) greatly affect detection. believe our provides in-depth into malwares' behaviors.
