Skip to main content
SpringerLink
Log in

A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic

  • Conference paper
  • First Online:
Algorithms and Architectures for Parallel Processing (ICA3PP 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11337))

Abstract

Android platform has become the most popular smartphone system due to its openness and flexibility. Similarly, it has also become the target of numerous attackers because of these. Various types of malware are thus designed to attack Android devices. All these cases prompted amounts of researchers to start studying malware detection technologies and some of the groups applied network traffic analysis to their detection models. The majority of these models have considered the detection primarily on network traffic statistical features which can distinguish malicious network traffic from normal one. However, when faces a large amount of network traffic on the detection stage, especially some of the network flows are quite huge as a result of containing too many packets, feature extraction can be extremely time consuming. Therefore, we propose a malware detection approach based on TCP traffic, which can quickly and effectively detect malware behavior. We first employ the traffic collection platform to collect network traffic generated by various apps. After preprocessing (filtering and aggregating) the collected network traffic data, we get a large number of TCP flows. Next we extract early packets’ sizes as features from each TCP flow and then send it to detection model to get the detection result. In our method, the time it takes to extract features from 53108 network flows is reduced from 39321 s to 18041 s, which is a reduction of 54%. Meanwhile, our method achieves a detection rate of 97%.

Supported by the National Natural Science Foundation of China under Grants No. 61672262, No. 61573166 and No. 61572230, the Shandong Provincial Key R&D Program under Grant No. 2016GGX101001, No. 2016GGX101008, No. 2018CXGC0706 and No. 2016ZDJS01A09, the TaiShan Industrial Experts Programme of Shandong Province under Grants No. tscy20150305, CERNET Next Generation Internet Technology Innovation Project under Grant No. NGII20160404.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Another reason 99% of mobile malware targets androids (2017). https://safeandsavvy.f-secure.com/2017/02/15/another-reason-99-percent-of-mobile-malware-targets-androids/

  2. Gartner: Q1 worldwide smartphone sales growth 9% (2017). http://smartcity.asmag.com.cn/xfdz/4345.html

  3. Number of available applications in the google play store from December 2009 to March 2018 (2018). https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/

  4. Arora, A., Garg, S., Peddoju, S.K.: Malware detection using network traffic analysis in android based mobile devices. In: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), pp. 66–71. IEEE (2014)

    Google Scholar 

  5. Arora, A., Peddoju, S.K.: Minimizing network traffic features for android mobile malware detection. In: Proceedings of the 18th International Conference on Distributed Computing and Networking, p. 32. ACM (2017)

    Google Scholar 

  6. Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: Ndss, vol. 14, pp. 23–26 (2014)

    Google Scholar 

  7. Bernaille, L., Teixeira, R., Akodkenou, I., Soule, A., Salamatian, K.: Traffic classification on the fly. ACM SIGCOMM Comput. Commun. Rev. 36(2), 23–26 (2006)

    Article  Google Scholar 

  8. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  Google Scholar 

  9. Chen, Z., et al.: A first look at android malware traffic in first few minutes. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 206–213. IEEE (2015)

    Google Scholar 

  10. Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)

    Article  Google Scholar 

  11. Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM (2009)

    Google Scholar 

  12. Este, A., Gringoli, F., Salgarelli, L.: On the stability of the information carried by traffic flow features at the packet level. ACM SIGCOMM Comput. Commun. Rev. 39(3), 13–18 (2009)

    Article  Google Scholar 

  13. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM (2011)

    Google Scholar 

  14. Lizhi, P., Bo, Y., Yuehui, C., Tong, W.: How many packets are most effective for early stage traffic identification: an experimental study. China Commun. 11(9), 183–193 (2014)

    Article  Google Scholar 

  15. Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: 2007 Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007, pp. 421–430. IEEE (2007)

    Google Scholar 

  16. Opitz, D.W., Maclin, R.: Popular ensemble methods: an empirical study. J. Artif. Intell. Res. (JAIR) 11, 169–198 (1999)

    Article  Google Scholar 

  17. Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B., Elovici, Y.: Mobile malware detection through analysis of deviations in application network behavior. Comput. Secur. 43, 1–18 (2014)

    Article  Google Scholar 

  18. Wang, S., et al.: TrafficAV: an effective and explainable detection of mobile malware behavior using network traffic. In: 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), pp. 1–6. IEEE (2016)

    Google Scholar 

  19. Wang, S., Yan, Q., Chen, Z., Yang, B., Zhao, C., Conti, M.: Detecting android malware leveraging text semantics of network flows. IEEE Trans. Inf. Forensics Secur. 13(5), 1096–1109 (2018)

    Article  Google Scholar 

  20. Wei, T.E., Mao, C.H., Jeng, A.B., Lee, H.M., Wang, H.T., Wu, D.J.: Android malware detection via a latent network behavior analysis. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1251–1258. IEEE (2012)

    Google Scholar 

  21. Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium, pp. 569–584 (2012)

    Google Scholar 

  22. Zaman, M., Siddiqui, T., Amin, M.R., Hossain, M.S.: Malware detection in android by network traffic analysis. In: 2015 International Conference on Networking Systems and Security (NSysS), pp. 1–5. IEEE (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Information Science and Engineering, University of Jinan, Jinan, 250022, Shandong, China

    Anran Liu, Zhenxiang Chen, Shanshan Wang, Lizhi Peng & Chuan Zhao

  2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan, 250022, Shandong, China

    Anran Liu, Zhenxiang Chen, Shanshan Wang, Lizhi Peng & Chuan Zhao

  3. School of Software, Shandong University, Jinan, 250100, Shandong, China

    Yuliang Shi

Authors
  1. Anran Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhenxiang Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shanshan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Lizhi Peng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Chuan Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Yuliang Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhenxiang Chen .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Jaideep Vaidya

  2. Guangzhou University, Guangzhou, China

    Jin Li

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, A., Chen, Z., Wang, S., Peng, L., Zhao, C., Shi, Y. (2018). A Fast and Effective Detection of Mobile Malware Behavior Using Network Traffic. In: Vaidya, J., Li, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science(), vol 11337. Springer, Cham. https://doi.org/10.1007/978-3-030-05063-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05063-4_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05062-7

  • Online ISBN: 978-3-030-05063-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation