AppFA: A Novel Approach to Detect Malicious Android Applications on the Network

Authors: Gaofeng He, Bingfeng Xu, Haiting Zhu

DOI: 10.1155/2018/2854728

Abstract: We propose AppFA, an Application Flow Analysis approach, to detect malicious Android applications (simply apps) on the network. Unlike most existing work, AppFA does not need to install programs on mobile devices or modify operating systems to extract detection features. Besides, it is able to handle encrypted network traffic. Specifically, we propose a constrained clustering algorithm to classify apps' traffic, and use Kernel Principal Component Analysis to build their behavior profiles. After that, peer group analysis is explored by comparing apps' profiles with the historical data and the profiles of their selected peer groups. These steps can be repeated every several minutes to meet the requirement of online detection. We have implemented AppFA and tested it on a public dataset. The experimental results show that AppFA can cluster apps' traffic efficiently and detect malicious apps with high accuracy and a low false positive rate. We also test the performance of AppFA from the computational time standpoint.
