Causality-based Sensemaking of Network Traffic for Android Application Security
- 28 October 2016
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security
Abstract
Malicious Android applications pose serious threats to mobile security. They threaten the data confidentiality and system integrity on Android devices. Monitoring runtime activities serves as an important technique for analyzing dynamic app behaviors. We design a triggering relation model for dynamically analyzing network traffic on Android devices. Our model enables one to infer the dependency of outbound network requests from the device. We describe a new machine learning approach for discovering the dependency of network requests. These request-level dependence relations are used to detect stealthy malware activities. Malicious requests are identified due to the lack of dependency with legitimate triggers. Our prototype is evaluated on 14GB network traffic data and system logs collected from an Android tablet. Experimental results show that our solution achieves a high accuracy (99.1%) in detecting malicious requests sent from new malicious apps.
Funding Information
- ARO (W911NF-14-1-0535)
- National Science Foundation (CNS-0953638)