KSII Transactions on Internet and Information Systems
Monthly Online Journal (eISSN: 1976-7277)

De-cloaking Malicious Activities in Smartphones Using HTTP Flow Mining

Vol. 11, No. 6, June 29, 2017
DOI: 10.3837/tiis.2017.06.023

Abstract

Android malware steals users’ private information, and embedded unsafe advertisement (ad) libraries execute unsafe code that causes damage to users. The majority of such traffic is HTTP and is mixed with other normal traffic, which makes the detection of malware and unsafe ad libraries a challenging problem. To address this problem, this work describes a novel HTTP traffic flow mining approach to detect and categorize Android malware and unsafe ad libraries. This work designed AndroCollector, which can automatically execute an Android application (app) and collect its network traffic traces. From these traces, this work extracts HTTP traffic features along three important dimensions (quantitative, timing, and semantic) and uses these features to characterize malware and unsafe ad libraries. Based on these HTTP traffic features, this work describes a supervised classification scheme for detecting malware and unsafe ad libraries. In addition, to help network operators, this work describes a fine-grained categorization method that generates fingerprints from HTTP request methods for each malware family and unsafe ad library. This work evaluated the scheme using HTTP traffic traces collected from 10778 Android apps. The experimental results show that the scheme can detect malware with 97% accuracy and unsafe ad libraries with 95% accuracy when tested on the popular third-party Android markets.




Cite this article

[IEEE Style]
X. Su, X. Liu, J. Lin, S. He, Z. Fu, W. Li, "De-cloaking Malicious Activities in Smartphones Using HTTP Flow Mining," KSII Transactions on Internet and Information Systems, vol. 11, no. 6, pp. 3230-3253, 2017. DOI: 10.3837/tiis.2017.06.023.

[ACM Style]
Xin Su, Xuchong Liu, Jiuchuang Lin, Shiming He, Zhangjie Fu, and Wenjia Li. 2017. De-cloaking Malicious Activities in Smartphones Using HTTP Flow Mining. KSII Transactions on Internet and Information Systems, 11, 6, (2017), 3230-3253. DOI: 10.3837/tiis.2017.06.023.

[BibTeX Style]
@article{tiis:21488, title="De-cloaking Malicious Activities in Smartphones Using HTTP Flow Mining", author="Xin Su and Xuchong Liu and Jiuchuang Lin and Shiming He and Zhangjie Fu and Wenjia Li", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2017.06.023}, volume={11}, number={6}, year="2017", month={June}, pages={3230-3253}}