AppFA: A Novel Approach to Detect Malicious Android Applications on the Network-Reference-Cited by-同舟云学术

AppFA: A Novel Approach to Detect Malicious Android Applications on the Network

Published:2018-04-17 Issue: Volume:2018 Page:1-15
ISSN:1939-0114
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

He Gaofeng¹,Xu Bingfeng²^ORCID,Zhu Haiting¹

Affiliation:

1. School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

2. College of Information Science and Technology, Nanjing Forestry University, Nanjing 210037, China

Abstract

We propose AppFA, an Application Flow Analysis approach, to detect malicious Android applications (simply apps) on the network. Unlike most of the existing work, AppFA does not need to install programs on mobile devices or modify mobile operating systems to extract detection features. Besides, it is able to handle encrypted network traffic. Specifically, we propose a constrained clustering algorithm to classify apps network traffic, and use Kernel Principal Component Analysis to build their network behavior profiles. After that, peer group analysis is explored to detect malicious apps by comparing apps’ network behavior profiles with the historical data and the profiles of their selected peer groups. These steps can be repeated every several minutes to meet the requirement of online detection. We have implemented AppFA and tested it with a public dataset. The experimental results show that AppFA can cluster apps network traffic efficiently and detect malicious Android apps with high accuracy and low false positive rate. We have also tested the performance of AppFA from the computational time standpoint.

Funder

National Natural Science Foundation of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2018/2854728.pdf

Reference24 articles.

1. Assessing Privacy Risks in Android: A User-Centric Approach

2. The Evolution of Android Malware and Android Analysis Techniques

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SAndro: Artificial Intelligence Enabled Detection Framework of Adware Attacks on Android Machines;2023 Global Conference on Information Technologies and Communications (GCITC);2023-12-01

2. ANDROIDGYNY: Reviewing clustering techniques for Android malware family classification;Digital Threats: Research and Practice;2023-03-14

3. A Systematic Evaluation of Android Anti-Malware Tools for Detection of Contemporary Malware;2021 IEEE 19th International Conference on Embedded and Ubiquitous Computing (EUC);2021-10

4. GSDroid: Graph Signal Based Compact Feature Representation for Android Malware Detection;Expert Systems with Applications;2020-11

5. On-Device Detection of Repackaged Android Malware via Traffic Clustering;Security and Communication Networks;2020-05-31