Android恶意应用HTTP行为特征生成与提取方法

doi:10.11959/j.issn.1000-0801.2016222

Abstract

Abstract:

Growing of Android malware，not only seriously endangered the security of the Android market，but also brings challenges for detection.A generation and extraction approach of automatic Android malware behavioral signatures was proposed based on HTTP traffic.Firstly，the behavioral signatures were extracted from the traffic traces generated by Android malware.Then，network behavioral characteristics were extracted from the generated network traffic.Finally，these behavioral signatures were used to detect Android malware.The experimental results show that the approach is able to extract Android malware network traffic behavioral signature with accuracy and efficiency.

Key words: Androidmalware, HTTPtraffic, networkbehavioralcharacteristic, security

Yaling LUO,Wenwei LI,Xin SU. HTTP behavior characteristics generation and extraction approach for Android malware[J]. Telecommunications Science, 2016, 32(8): 136-145.

Figures/Tables 15

References 22

[1]	上年国内在网活跃移动智能设备数量达到 8.99 亿[EB/OL].[2016-04-25]. .The number of online active smart devices reach 0.899 billion in first half of 2015 in China[EB/OL].[2016-04-25]. .
[2]	GRACE M , ZHOU Y , ZHANG Q ,et al. RiskRanker:scalable and accurate zero-day Android malware detection[C]// The 10th International Conference on Mobile Systems,Applications and Services(MobiSys 2012),April 5-11,2012, San Diego,CA,USA. New York： ACM Press, 2012: 281-294.
[3]	ARP D , SPREITZENBARTH M , HUBNER M ,et al. Drebin:effective and explainable detection of Android malware in your pocket[C]// Network and Distributed System Security Symposium(NDSS 2014),June 11-15,2014, San Diego,CA,USA. Washington： IEEE Computer Society, 2014: 199-210.
[4]	Linear SVM[EB/OL].[2016-04-25]. .
[5]	HAO S , LIU B , NATH S ,et al. Programmable UI-automation for large-scale dynamic analysis of mobile apps[C]// 12th International Conference on Mobile Systems,Applications and Services(MobiSys 2014),September 5-11,2014, Bretton Woods,New Hampshire,USA. New York： ACM Press, 2014: 204-217.
[6]	ENCK W , GILBERT P , CHUN B ,et al. Taintdroid:an information-flow tracking system for realtime privacy monitoring on smartphones[C]// 9th USENIX Conference on Operating Systems Design and Implementation,December 9-12,2010, Vancouver,BC,Canada. New Jersey： IEEE Press, 2010: 1-6.
[7]	Monkey[EB/OL].[2016-04-25]. .
[8]	WEI X , GOMEZ L , NEAMTIU I ,et al. Profile droid:multilayer profilin g of android applications[C]// 18th Annual International Conference on Mobile Computing and Networking(MobiCom 2012),June 11-15,2012, Istanbul,Turkey. New York： ACM Press, 2012: 137-148.
[9]	JIANG X , ZHOU Y . Dissecting android malware:Characterization and evolution[C]// 2012 IEEE Symposium on Security and Privacy,May 20-23,2012, San Francisco,USA. New Jersey： IEEE Press, 2012: 95-109.
[10]	SU X , ZHANG D , DAI S ,et al. Mobile traffic Identification based on applications network signature[J]. International Journal of Embedded Systems, 2016,8(2-3): 217-227.
[11]	DAI S , TONGAONKAR A , WANG X ,et al. Network profiler:Towards automatic fingerprinting of android apps[C]// 32nd IEEE International Conference on Computer Communications,Infocom 2013,June 5-7,2013, Turin,Italy. New Jersey： IEEE Press, 2013: 809-817.
[12]	XU Q , LIAO Y , MISKOVIC S ,et al. Automatic generation of mobile App signatures from traffic observations[C]// 34th IEEE International Conference on Computer Communications,Infocom 2015,November 3-5,2015, Hong Kong,China. New Jersey： IEEE Press, 2015: 1481-1489.
[13]	ZHOU Y , JIANG X . Dissecting android malware:characterization and evolution[C]// IEEE Symposium on Security and Privacy,June 5-9,2012, San Francisco,CA,USA. New Jersey： IEEE Press, 2012: 95-109.
[14]	Tcpdump[EB/OL].[2016-04-25]. .
[15]	Tools[EB/OL].[2016-04-25]. .
[16]	Jaccard index[EB/OL].[2016-04-25]. .
[17]	Adrd[EB/OL].[2016-04-25]. .
[18]	Trojan:droid dream light[EB/OL].(2011-07-23)[2016-04-25]. .
[19]	Alexa[EB/OL].[2016-04-25]. .
[20]	GRACE M , ZHOU W , JIANG X ,et al. Unsafe exposure analysis of mobile in-app advertisements[C]// Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks(WiSec 2012),November 3-5,2012, Tucson,Arizona,USA. New York： ACM Press, 2012: 101-112.
[21]	苏欣, 张大方, 罗章琪 ,等. 基于Command and Control通信信道流量属性聚类的僵尸网络检测方法[J]. 电子与信息学报, 2012,34(8): 1993-1999. SU X , ZHANG D F , LUO Z Q ,et al. Botnet detecting method based on clustering flow attributes of Command and Control communication channel[J]. Journal of Electronics ＆ Information Technology, 2012,34(8): 1993-1999.
[22]	Virus total[EB/OL].[2016-04-25]. .

Metrics

Recommended 0

No Suggested Reading articles found!

数据集	恶意应用数目/个	具有网络访问/个	正常运行/个	产生网络流量/个
Genome	1 260	1 171	952	952
未知类型	118	107	96	96

数据集	总共产生流个数/个	恶意流个数/个	正常流个数/个	广告流个数/个
Genome	26 889	3 804	10 936	17 189
未知类型	1 748	857	194	828

Jaccard指标	准确率	误判率	精准率	召回率	F值
0.2	0.851	0.149	0.858	0.851	0.852
0.4	0.937	0.063	0.878	0.937	0.906
0.6	0.989	0.011	0.989	0.989	0.989
0.8	0.974	0.026	0.972	0.971	0.972

数据集		流量解析	流量聚类	特征生成	特征合并
Genome	数目/个	26 889	3 804	660	623
	簇数目/个	-	370	-	99
未知类型	数目/个	1 748	851	84	79
	簇数目/个	-	64	-	11

数据集	流量解析	流量聚类	特征生成	特征合并	合计
Genome	5 min 47 s	4.7 s	1.8s	1.6s	5 min 55.1 s
未知类型	29 s	1.4s	1.1s	1s	32.5 s

HTTP behavior characteristics generation and extraction approach for Android malware

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 22

Related Articles 15

Metrics

Recommended 0

方法	流量解析	流量聚类	总共
本文方法	5 min 47 s	4.7s	5 min 51.7 s
参考文献[21]的方法	5 min 43 s	59 s	6 min 2 s

Android恶意应用家族	恶意应用数目/个
Anserverbot	13
ADRD	3
Basebrige	6
DroidKungfu	50
Plankton	10
DroidDreamLight	4
其他	10

特征类型	检测到的恶意应用数目/个	误判为恶意应用数目/个
通过名单过滤提取的特征	32	5
未通过名单过滤提取的特征	32	21

[1]	Shengli ZHOU, Keyi JIANG, Bo XU, Rui XU, Xikang ZHANG, Quanzhe ZHAO, Yangdong XU. Research on the effectiveness evaluation of cyber security curriculum construction for combating telecom network fraud [J]. Telecommunications Science, 2023, 39(6): 122-128.
[2]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[3]	Fuyuan CHEN, Zhenjiang DONG, Jiankuo DONG, Minjie XU. A survey of V2X security protection technologies [J]. Telecommunications Science, 2023, 39(3): 1-15.
[4]	Jingjie SHEN, Guangqiu LI, Yancui LUO, Huizhi LIU. Physical layer security of full-duplex relay-assisted D2D networks under outdated CSI [J]. Telecommunications Science, 2023, 39(3): 89-99.
[5]	Yu KANG, Yaqiong LIU, Tongyu ZHAO, Guochu SHOU. A survey on AI algorithms applied in communication and computation in Internet of vehicles [J]. Telecommunications Science, 2023, 39(1): 1-19.
[6]	Yifan DING, Guangqiu LI, Hui LI. Physical layer security of NOMA-D2D cooperative wireless system [J]. Telecommunications Science, 2022, 38(9): 83-94.
[7]	Jianwu ZHANG, Yanjun AN, Huangyan DENG. A survey on DNS attack detection and security protection [J]. Telecommunications Science, 2022, 38(9): 1-17.
[8]	Yusun FU, Jinhui TANG. A survey on 5G capabilities enabling the factories of the future [J]. Telecommunications Science, 2022, 38(9): 18-35.
[9]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[10]	Hongbin LUO, Shan ZHANG, Zhiyuan WANG. Interconnection and coexistence of heterogeneous network:requirements, challenges, and architecture [J]. Telecommunications Science, 2022, 38(6): 18-30.
[11]	Yifan DING, Guangqiu LI, Hui LI. Physical layer security for SWIPT-NOMA system in presence of randomly located eavesdroppers [J]. Telecommunications Science, 2022, 38(3): 133-142.
[12]	Shimulin XIE, Ijie BA, Xiang ZHANG, Zeyi TANG, Weifan NIAN, Xujie LIU. Task security scheduling method for 5G+MEC based grid edge computing platform [J]. Telecommunications Science, 2022, 38(12): 78-85.
[13]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[14]	Yunyi LIU, Jianmin ZHANG, Xiaoli FENG, Liwei ZHANG. 5G MEC system security capability deployment scheme [J]. Telecommunications Science, 2022, 38(11): 143-152.
[15]	Jianfeng CHEN, Miao CUI, Guangchi ZHANG, Qingqing WU, Hui ZENG. Secure communication optimization for double-IRS assisted SWIPT system [J]. Telecommunications Science, 2022, 38(1): 47-60.