DocumentCode :
1670596
Title :
Malware detection in Android by network traffic analysis
Author :
Zaman, Mehedee ; Siddiqui, Tazrian ; Amin, Mohammad Rakib ; Hossain, Md Shohrab
Author_Institution :
Dept. of Comput. Sci. & Eng., Bangladesh Univ. of Eng. & Technol., Dhaka, Bangladesh
fYear :
2015
Firstpage :
1
Lastpage :
5
Abstract :
A common behavior of mobile malware is transferring sensitive information of the cell phone user to malicious remote servers. In this paper, we describe and demonstrate, in full detail, a method for detecting malware based on this behavior. For this, we first create an App-URL table that logs all attempts made by all applications to communicate with remote servers. Each entry in this log preserves the application id and the URI that the application contacted. From this log, with the help of a reliable and comprehensive domain blacklist, we can detect rogue applications that communicate with malicious domains. We further propose a behavioral analysis method using syscall tracing. Our work can be integrated with behavioral analysis to build an intelligent malware detection model.
Keywords :
Android (operating system); invasive software; mobile computing; program diagnostics; telecommunication traffic; App-URL table; URI; behavioral analysis method; cell phone user; domain blacklist; intelligent malware detection model; malicious remote servers; mobile malware detection; sensitive information transfer; syscall tracing; Androids; Humanoid robots; Malware; Mobile communication; Ports (Computers); Servers; Uniform resource locators; ADB; Android; Busybox; malware detection; netstat; pcap;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Networking Systems and Security (NSysS), 2015 International Conference on
Conference_Location :
Dhaka
Print_ISBN :
978-1-4799-8125-0
Type :
conf
DOI :
10.1109/NSysS.2015.7043530
Filename :
7043530