Detecting application update attack on mobile devices through network featur

Author

Tenenboim-Chekina, L. ; Barad, O. ; Shabtai, Asaf ; Mimran, D. ; Rokach, L. ; Shapira, B. ; Elovici, Yuval

Author_Institution

Dept. of Inf. Syst. Eng., Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel

fYear

2013

fDate

14-19 April 2013

Firstpage

91

Lastpage

92

Abstract

Recently, a new type of mobile malware applications with self-updating capabilities was found on the official Google Android marketplace. Malware applications of this type cannot be detected using the standard signatures approach or by applying regular static or dynamic analysis methods. In this paper we first describe and analyze this new type of mobile malware and then present a new network-based behavioral analysis for identifying such malware applications. For each application, a model representing its specific traffic pattern is learned locally on the device. Machine-learning methods are used for learning the normal patterns and detection of deviations from the normal application´s behavior. These methods were implemented and evaluated on Android devices.

Keywords

invasive software; learning (artificial intelligence); mobile computing; smart phones; telecommunication security; telecommunication traffic; Android devices; Google Android marketplace; application update attack detection; deviations detection; machine-learning methods; mobile devices; mobile malware applications; network features; network-based behavioral analysis; normal patterns learning; self-updating capabilities; traffic pattern; Androids; Google; Humanoid robots; Mobile communication; Payloads; Trojan horses;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on

Conference_Location

Turin

Print_ISBN

978-1-4799-0055-8

Type

conf

DOI

10.1109/INFCOMW.2013.6970755

Filename

6970755