Simple and effective method for detecting abnormal internet behaviors of mobile devices

Chen, Patrick Shicheng; Lin, Shu‐Chiung; Sun, Chien-Hsing

doi:10.1016/j.ins.2015.04.035

Cited by 29 publications

(11 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike the work mentioned above, our proposed system runs at the network level directly without necessarily having access to the mobile devices. We notice that the most similar work was carried out by Chen et al [15]. Chen et al 's method [15] was also implemented at the network level and identified abnormal network behaviors by conducting 3-step check action, including (1) identifying HTTP POST and HTTP GET packages, (2) checking whether the device was exposing unique device identifiers such as IMEI and IMSI, and (3) determining the legitimacy of the remote server by querying the domain name server.…”

Section: Related Workmentioning

confidence: 69%

“…So their method can only be applied to HTTP traffic. Contrary to the work of Chen et al [15], we use the combination of signature matching and constrained mobile network traffic clustering for app identification and, thus, our method is suitable for both plaintext and ciphertext traffic such as HTTPS. The work introduced in [6] is also intended to detect Android malware from network traffic.…”

Section: Related Workmentioning

confidence: 99%

“…Notably, AppFA does not need to install programs or modify operating systems to extract detection features; therefore, it is lightweight and easy to deploy. We notice that literature [15] is also a kind of network-side approach, while it only analyzes HTTP traffic and cannot be applied to encrypted network traffic. Previous works [6,7] have also proposed methods to detect mobile malware from network traffic.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

AppFA: A Novel Approach to Detect Malicious Android Applications on the Network

Zhu

2018

Security and Communication Networks

View full text Add to dashboard Cite

We propose AppFA, an Application Flow Analysis approach, to detect malicious Android applications (simply apps) on the network. Unlike most of the existing work, AppFA does not need to install programs on mobile devices or modify mobile operating systems to extract detection features. Besides, it is able to handle encrypted network traffic. Specifically, we propose a constrained clustering algorithm to classify apps network traffic, and use Kernel Principal Component Analysis to build their network behavior profiles. After that, peer group analysis is explored to detect malicious apps by comparing apps’ network behavior profiles with the historical data and the profiles of their selected peer groups. These steps can be repeated every several minutes to meet the requirement of online detection. We have implemented AppFA and tested it with a public dataset. The experimental results show that AppFA can cluster apps network traffic efficiently and detect malicious Android apps with high accuracy and low false positive rate. We have also tested the performance of AppFA from the computational time standpoint.

show abstract

Section: Related Workmentioning

confidence: 69%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

AppFA: A Novel Approach to Detect Malicious Android Applications on the Network

Zhu

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The signature based detection is a widely used method in static analysis. According to this method, the binary executables are transformed to represent hashes which are matched with a database of known malware samples [ 13] [ 14] [15] [ 16] [ 17], but it shows following weaknesses. The signature method requires continuous updates of signature and high maintenance cost.…”

Section: Introductionmentioning

confidence: 99%

Android malicious code Classification using Deep Belief Network

Luo¹,

Tian²,

Long³

et al. 2018

KSII TIIS

View full text Add to dashboard Cite

This paper presents a novel Android malware classification model planned to classify and categorize Android malicious code at Drebin dataset. The amount of malicious mobile application targeting Android based smartphones has increased rapidly. In this paper, Restricted Boltzmann Machine and Deep Belief Network are used to classify malware into families of Android application. A texture-fingerprint based approach is proposed to extract or detect the feature of malware content. A malware has a unique "image texture" in feature spatial relations. The method uses information on texture image extracted from malicious or benign code, which are mapped to uncompressed gray-scale according to the texture image-based approach. By studying and extracting the implicit features of the API call from a large number of training samples, we get the original dynamic activity features sets. In order to improve the accuracy of classification algorithm on the features selection, on the basis of which, it combines the implicit features of the texture image and API call in malicious code, to train Restricted Boltzmann Machine and Back Propagation. In an evaluation with different malware and benign samples, the experimental results suggest that the usability of this method-using Deep Belief Network to classify Android malware by their texture images and API calls, it detects more than 94% of the malware with few false alarms. Which is higher than shallow machine learning algorithm clearly.

show abstract

“…User clicks behavior in sponsored search is analyzed in [40] to help advertisers raise the quality of their ads. In trust related research, a framework for automatic analysis of malware behavior using machine learning is introduced in [67], and the abnormal internet behaviors are analyzed to detect mobile malware in [17]. Behavior modeling and behavior pattern analysis are addressed for web services in the bootstrapping approach presented in [86].…”

Section: Introductionmentioning

confidence: 99%