Mining Mobile Internet Packets for Malware Detection

With the fast development of mobile devices, the volume of mobile internet traffic increased dramatically. Various information is potential to be mined from it. In this paper, the large-scale mobile internet traffic is employed to protect end-users from mobile malwares that emerge at a similar speed to that of mobile internet. Traditional mobile malware detection methods often inevitably consume the limited battery life and computing resource of the end device. To solve these problems, a novel framework, Mining Mobile Internet Packets for Malware Detection (MMIP-MD), is proposed. Since the new technology of format preserving encryption (FPE) made the data of mobile internet traffic from telecommunication operators accessible and minable without leaking end-users´ privacies, the framework thus aims feasibly at detecting mobile malwares using the traffic data only, which moves the detection from the end device to the internet side. It has good extensibility since a variety of mining algorithms can be applied on this framework to discover behavioral patterns of malwares. In addition, a real example of Bayes classification was implemented to illustrate the framework and test its feasibility.