Title :
Detecting application update attack on mobile devices through network featur
Author :
Tenenboim-Chekina, L. ; Barad, O. ; Shabtai, Asaf ; Mimran, D. ; Rokach, L. ; Shapira, B. ; Elovici, Yuval
Author_Institution :
Dept. of Inf. Syst. Eng., Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel
Abstract :
Recently, a new type of mobile malware applications with self-updating capabilities was found on the official Google Android marketplace. Malware applications of this type cannot be detected using the standard signatures approach or by applying regular static or dynamic analysis methods. In this paper we first describe and analyze this new type of mobile malware and then present a new network-based behavioral analysis for identifying such malware applications. For each application, a model representing its specific traffic pattern is learned locally on the device. Machine-learning methods are used for learning the normal patterns and detection of deviations from the normal application´s behavior. These methods were implemented and evaluated on Android devices.
Keywords :
invasive software; learning (artificial intelligence); mobile computing; smart phones; telecommunication security; telecommunication traffic; Android devices; Google Android marketplace; application update attack detection; deviations detection; machine-learning methods; mobile devices; mobile malware applications; network features; network-based behavioral analysis; normal patterns learning; self-updating capabilities; traffic pattern; Androids; Google; Humanoid robots; Mobile communication; Payloads; Trojan horses;
Conference_Titel :
Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on
Conference_Location :
Turin
Print_ISBN :
978-1-4799-0055-8
DOI :
10.1109/INFCOMW.2013.6970755
