• DocumentCode
    1670596
  • Title

    Malware detection in Android by network traffic analysis

  • Author

    Zaman, Mehedee ; Siddiqui, Tazrian ; Amin, Mohammad Rakib ; Hossain, Md Shohrab

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Bangladesh Univ. of Eng. & Technol., Dhaka, Bangladesh
  • fYear
    2015
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    A common behavior of mobile malware is transferring sensitive information of the cell phone user to malicious remote servers. In this paper, we describe and demonstrate, in full detail, a method for detecting malware based on this behavior. For this, we first create an App-URL table that logs all attempts made by all applications to communicate with remote servers. Each entry in this log preserves the application id and the URI that the application contacted. From this log, with the help of a reliable and comprehensive domain blacklist, we can detect rogue applications that communicate with malicious domains. We further propose a behavioral analysis method using syscall tracing. Our work can be integrated with behavioral analysis to build an intelligent malware detection model.
  • Keywords
    Android (operating system); invasive software; mobile computing; program diagnostics; telecommunication traffic; App-URL table; URI; behavioral analysis method; cell phone user; domain blacklist; intelligent malware detection model; malicious remote servers; mobile malware detection; sensitive information transfer; syscall tracing; Androids; Humanoid robots; Malware; Mobile communication; Ports (Computers); Servers; Uniform resource locators; ADB; Android; Busybox; malware detection; netstat; pcap;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networking Systems and Security (NSysS), 2015 International Conference on
  • Conference_Location
    Dhaka
  • Print_ISBN
    978-1-4799-8125-0
  • Type

    conf

  • DOI
    10.1109/NSysS.2015.7043530
  • Filename
    7043530