Arash Habibi Lashkari, A. A. Kadir, Hugo Gonzalez, Kenneth Fon Mbah, A. Ghorbani
Title: Towards a Network-Based Framework for Android Malware Detection and Characterization
Published in: 2017 15th Annual Conference on Privacy, Security and Trust (PST), 2017-08-01
DOI: 10.1109/PST.2017.00035 (https://doi.org/10.1109/PST.2017.00035)
Citations: 89
Abstract
Mobile malware is pernicious and on the rise; accordingly, a fast and reliable detection system is necessary for users. In this research, a new detection and characterization system for detecting meaningful deviations in the network behavior of a smartphone application is proposed. The main goal of the proposed system is to protect mobile device users and cellular infrastructure companies from malicious applications with just 9 traffic feature measurements. The proposed system is not only able to detect malicious or masquerading apps, but can also identify them as general malware or specific malware (i.e. adware) on a mobile device. The proposed method showed an average accuracy (91.41%), precision (91.24%), and false positive (0.085) for five classifiers, namely Random Forest (RF), K-Nearest Neighbor (KNN), Decision Tree (DT), Random Tree (RT) and Regression (R). We also offer a labeled dataset of mobile malware traffic with 1900 applications, including benign and 12 different families of both adware and general malware.