Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Dynamic Task Scheduler for Real Time Requirement in Cloud Computing System Read chapter Read first chapter

2018 | OriginalPaper | Chapter

A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic

Authors : Anran Liu, Zhenxiang Chen, Shanshan Wang, Lizhi Peng, Chuan Zhao, Yuliang Shi

Published in: Algorithms and Architectures for Parallel Processing

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Android platform has become the most popular smartphone system due to its openness and flexibility. Similarly, it has also become the target of numerous attackers because of these. Various types of malware are thus designed to attack Android devices. All these cases prompted amounts of researchers to start studying malware detection technologies and some of the groups applied network traffic analysis to their detection models. The majority of these models have considered the detection primarily on network traffic statistical features which can distinguish malicious network traffic from normal one. However, when faces a large amount of network traffic on the detection stage, especially some of the network flows are quite huge as a result of containing too many packets, feature extraction can be extremely time consuming. Therefore, we propose a malware detection approach based on TCP traffic, which can quickly and effectively detect malware behavior. We first employ the traffic collection platform to collect network traffic generated by various apps. After preprocessing (filtering and aggregating) the collected network traffic data, we get a large number of TCP flows. Next we extract early packets’ sizes as features from each TCP flow and then send it to detection model to get the detection result. In our method, the time it takes to extract features from 53108 network flows is reduced from 39321 s to 18041 s, which is a reduction of 54%. Meanwhile, our method achieves a detection rate of 97%.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Harden Tamper-Proofing to Combat MATE Attack
next chapter A Scalable Pthreads-Compatible Thread Model for VM-Intensive Programs
Literature
1.
2.
3.
4.
Arora, A., Garg, S., Peddoju, S.K.: Malware detection using network traffic analysis in android based mobile devices. In: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), pp. 66–71. IEEE (2014)
5.
Arora, A., Peddoju, S.K.: Minimizing network traffic features for android mobile malware detection. In: Proceedings of the 18th International Conference on Distributed Computing and Networking, p. 32. ACM (2017)
6.
Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: Ndss, vol. 14, pp. 23–26 (2014)
7.
Bernaille, L., Teixeira, R., Akodkenou, I., Soule, A., Salamatian, K.: Traffic classification on the fly. ACM SIGCOMM Comput. Commun. Rev. 36(2), 23–26 (2006)CrossRef
8.
9.
Chen, Z., et al.: A first look at android malware traffic in first few minutes. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 206–213. IEEE (2015)
10.
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)CrossRef
11.
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM (2009)
12.
Este, A., Gringoli, F., Salgarelli, L.: On the stability of the information carried by traffic flow features at the packet level. ACM SIGCOMM Comput. Commun. Rev. 39(3), 13–18 (2009)CrossRef
13.
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)
14.
Lizhi, P., Bo, Y., Yuehui, C., Tong, W.: How many packets are most effective for early stage traffic identification: an experimental study. China Commun. 11(9), 183–193 (2014)CrossRef
15.
Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: 2007 Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007, pp. 421–430. IEEE (2007)
16.
Opitz, D.W., Maclin, R.: Popular ensemble methods: an empirical study. J. Artif. Intell. Res. (JAIR) 11, 169–198 (1999)CrossRef
17.
Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B., Elovici, Y.: Mobile malware detection through analysis of deviations in application network behavior. Comput. Secur. 43, 1–18 (2014)CrossRef
18.
Wang, S., et al.: TrafficAV: an effective and explainable detection of mobile malware behavior using network traffic. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–6. IEEE (2016)
19.
Wang, S., Yan, Q., Chen, Z., Yang, B., Zhao, C., Conti, M.: Detecting android malware leveraging text semantics of network flows. IEEE Trans. Inf. Forensics Secur. 13(5), 1096–1109 (2018)CrossRef
20.
Wei, T.E., Mao, C.H., Jeng, A.B., Lee, H.M., Wang, H.T., Wu, D.J.: Android malware detection via a latent network behavior analysis. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1251–1258. IEEE (2012)
21.
Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium, pp. 569–584 (2012)
22.
Zaman, M., Siddiqui, T., Amin, M.R., Hossain, M.S.: Malware detection in android by network traffic analysis. In: 2015 International Conference on Networking Systems and Security (NSysS), pp. 1–5. IEEE (2015)
Metadata
Title
A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic
Authors
Anran Liu
Zhenxiang Chen
Shanshan Wang
Lizhi Peng
Chuan Zhao
Yuliang Shi
Copyright Year
2018
Book
Algorithms and Architectures for Parallel Processing

Print ISBN: 978-3-030-05062-7

Electronic ISBN: 978-3-030-05063-4

Copyright Year: 2018

DOI
https://doi.org/10.1007/978-3-030-05063-4_10

Premium Partner

    Image Credits