Skip to main content
SpringerLink
Log in

DITA-NCG: Detecting Information Theft Attack Based on Node Communication Graph

  • Conference paper
  • First Online:
Computational Science – ICCS 2022 (ICCS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13350))

Included in the following conference series:

  • 1152 Accesses

Abstract

The emergence of information theft poses a serious threat to mobile users. Short message service (SMS), as a mainstream communication medium, is usually used by attackers to implement propagation, command and control. The previous detection works are based on the local perspective of terminals, and it is difficult to find all the victims and covert attackers for a theft event. In order to address this problem, we propose DITA-NCG, a method that globally detects information theft attacks based on node communication graph (NCG). The communication behavior of a NCG’s node is expressed by both call detail record (CDR) vectors and network flow vectors. Firstly, we use CDR vectors to implement social subgraph division and find suspicious subgraphs with SMS information entropy. Secondly, we use network flow vectors to distinguish information theft attack graphs from suspicious subgraphs, which help us to identify information theft attack. Finally, we evaluate DITA-NCG by using real world network flows and CDRs , and the result shows that DITA-NCG can effectively and globally detect information theft attack in mobile network.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. App market of yingyongbao. https://android.myapp.com/ (2021)

  2. Virusshare. https://virusshare.com/ (2021)

  3. Virustotal. https://www.virustotal.com/ (2021)

  4. Alam, S., Alharbi, S.A., Yildirim, S.: Mining nested flow of dominant APIs for detecting android malware. Comput. Netw. 167, 107026 (2020)

    Article  Google Scholar 

  5. Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices 49(6), 259–269 (2014)

    Google Scholar 

  6. Blondel, V.D., Decuyper, A., Krings, G.: A survey of results on mobile phone datasets analysis. EPJ Data Sci. 4(1), 1–55 (2015). https://doi.org/10.1140/epjds/s13688-015-0046-0

    Article  Google Scholar 

  7. Bogomolov, A., Lepri, B., Staiano, J., Oliver, N., Pianesi, F., Pentland, A.: Once upon a crime: towards crime prediction from demographics and mobile data. In: Proceedings of the 16th International Conference on Multimodal Interaction, pp. 427–434. ACM (2014)

    Google Scholar 

  8. Cheng, Z., Chen, X., Zhang, Y., Li, S., Sang, Y.: Detecting information theft based on mobile network flows for android users. In: 2017 International Conference on Networking, Architecture, and Storage (NAS), pp. 1–10. IEEE (2017)

    Google Scholar 

  9. Cheng, Z., Chen, X., Zhang, Y., Li, S., Xu, J.: MUI-defender: CNN-Driven, network flow-based information theft detection for mobile users. In: Gao, H., Wang, X., Yin, Y., Iqbal, M. (eds.) CollaborateCom 2018. LNICST, vol. 268, pp. 329–345. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12981-1_23

    Chapter  Google Scholar 

  10. Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Secur. 11(1), 114–125 (2016)

    Article  Google Scholar 

  11. De Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)

    Article  Google Scholar 

  12. Desnos, A., et al.: Androguard: Reverse engineering, malware and goodware analysis of android applications. https://code.google.com/p/androguard/153 (2013)

  13. Enck, W., et al.: TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57(3), 99–106 (2014)

    Google Scholar 

  14. Horak, R.: Telecommunications and Data Communications Handbook. Wiley (2007). https://books.google.com/books?id=dO2wCCB7w9sC

  15. N,B.: Fakespy - android information stealing malware attack to steal text messages, call records & contacts. https://gbhackers.com/fakespy/ (2019)

  16. Petersen, J.: The Telecommunications Illustrated Dictionary. CRC Press advanced and emerging communications technologies series, CRC Press (2002). https://books.google.com/books?id=b2mMzS0hCkAC

  17. Peterson, K.: Business Telecom Systems: A Guide to Choosing the Best Technologies and Services. Taylor & Francis (2000). https://books.google.com/books?id=W79R0niNU5wC

  18. Ratti, C., Sobolevsky, S., Calabrese, F., Andris, C., Reades, J., Martino, M., Claxton, R., Strogatz, S.H.: Redrawing the map of great Britain from a network of human interactions. PLoS ONE 5(12), e14248 (2010)

    Google Scholar 

  19. Ren, J., Rao, A., Lindorfer, M., Legout, A., Choffnes, D.: ReCon: revealing and controlling PII leaks in mobile network traffic. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pp. 361–374. ACM (2016)

    Google Scholar 

  20. Sultan, K., Ali, H., Ahmad, A., Zhang, Z.: Call details record analysis: a spatiotemporal exploration toward mobile traffic classification and optimization. Information 10(6), 192 (2019)

    Article  Google Scholar 

  21. Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: AppScanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 439–454. IEEE (2016)

    Google Scholar 

  22. Wang, S., Yan, Q., Chen, Z., Yang, B., Zhao, C., Conti, M.: Detecting android malware leveraging text semantics of network flows. IEEE Trans. Inf. Forensics Secur. 13(5), 1096–1109 (2017)

    Article  Google Scholar 

  23. Wu, L.: First kotlin-developed malicious app signs users up for premium sms services. http://t.cn/EMSyiof (2019)

  24. Yun, X., Li, S., Zhang, Y.: SMS worm propagation over contact social networks: modeling and validation. IEEE Trans. Inf. Forensics Secur. 10(11), 2365–2380 (2015)

    Article  Google Scholar 

  25. Zang, H., Bolot, J.: Anonymization of location data does not work: a large-scale measurement study. In: Proceedings of the 17th Annual International Conference on Mobile Computing and Networking, pp. 145–156. ACM (2011)

    Google Scholar 

  26. Zhang, Y., et al.: Lies in the air: characterizing fake-base-station spam ecosystem in china. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 521–534 (2020)

    Google Scholar 

Download references

Acknowledgement

This work is supported by the National Key Research and Development Program of China (Grant No. 2019YFB1005201). We would also like to thank the reviewers for the thorough comments and helpful suggestions.

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Zhenyu Cheng, Shuhao Li, Jinbu Geng, Rui Qin & Li Fan

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Shuhao Li

  3. Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing, China

    Shuhao Li

  4. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing, China

    Xiaochun Yun

Authors
  1. Zhenyu Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaochun Yun
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shuhao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jinbu Geng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Rui Qin
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Li Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaochun Yun .

Editor information

Editors and Affiliations

  1. Brunel University London, London, UK

    Derek Groen

  2. University of Amsterdam, Amsterdam, The Netherlands

    Clélia de Mulatier

  3. AGH University of Science and Technology, Krakow, Poland

    Maciej Paszynski

  4. University of Amsterdam, Amsterdam, The Netherlands

    Valeria V. Krzhizhanovskaya

  5. University of Tennessee at Knoxville, Knoxville, TN, USA

    Jack J. Dongarra

  6. University of Amsterdam, Amsterdam, The Netherlands

    Peter M. A. Sloot

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cheng, Z., Yun, X., Li, S., Geng, J., Qin, R., Fan, L. (2022). DITA-NCG: Detecting Information Theft Attack Based on Node Communication Graph. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13350. Springer, Cham. https://doi.org/10.1007/978-3-031-08751-6_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-08751-6_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-08750-9

  • Online ISBN: 978-3-031-08751-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation