
Android Malware Identification Based on Traffic Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11632)

Abstract

As numerous new techniques for Android malware attacks have emerged and evolved, identifying Android malware is crucial to prevent mobile applications from being compromised. Machine learning techniques have shown extraordinary capabilities in many fields. A common problem in existing research on machine-learning-based malware traffic identification is the need to design a set of features that accurately reflects network traffic characteristics. Obtaining high accuracy when identifying Android malware traffic is also a challenging problem. This paper analyses Android malware traffic and extracts 15 features, a combination of time-related network flow features and packet features. We then use three supervised machine learning methods to identify Android malware traffic. Experimental results show that the proposed feature set accurately characterizes the traffic and that all three classifiers achieve high accuracy.
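The abstract describes combining time-related flow features with packet features and feeding them to supervised classifiers. The following is an added illustration of that pipeline's first stage, written for this page and not taken from the paper: it groups packet records into bidirectional 5-tuple flows and computes a per-flow feature vector. The paper's actual 15 features are not listed on this page, so the feature set, the `Packet` record and the sample packets below are assumptions constructed for the example.

```python
"""Per-flow feature extraction over constructed packet records.

Added example, not the paper's code. The paper's exact 15 features are not
given on this page; the set below is an assumed mix of time-related flow
features and packet-length features in the spirit the abstract describes.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float        # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    length: int      # bytes on the wire


def flow_key(p: Packet) -> tuple:
    """Bidirectional 5-tuple: both directions of a connection map to one flow."""
    a = (p.src, p.sport)
    b = (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def group_flows(packets):
    """Group packets by flow key, keeping each flow in timestamp order."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    return dict(flows)


# Stable column order so every flow yields the same vector layout for a classifier.
FEATURE_ORDER = [
    "duration", "pkt_count", "fwd_pkt_count", "bwd_pkt_count", "total_bytes",
    "fwd_bytes", "bwd_bytes", "pkts_per_sec", "iat_mean", "iat_std", "iat_max",
    "len_mean", "len_std", "len_min", "len_max",
]


def flow_features(pkts):
    """Assumed feature set: timing of the flow plus packet-length statistics."""
    first = pkts[0]
    fwd = [p for p in pkts if (p.src, p.sport) == (first.src, first.sport)]
    bwd = [p for p in pkts if (p.src, p.sport) != (first.src, first.sport)]
    ts = [p.ts for p in pkts]
    iat = [b - a for a, b in zip(ts, ts[1:])]  # inter-arrival times
    lens = [p.length for p in pkts]
    duration = ts[-1] - ts[0]
    return {
        "duration": duration,
        "pkt_count": len(pkts),
        "fwd_pkt_count": len(fwd),
        "bwd_pkt_count": len(bwd),
        "total_bytes": sum(lens),
        "fwd_bytes": sum(p.length for p in fwd),
        "bwd_bytes": sum(p.length for p in bwd),
        "pkts_per_sec": len(pkts) / duration if duration > 0 else float(len(pkts)),
        "iat_mean": mean(iat) if iat else 0.0,
        "iat_std": pstdev(iat) if len(iat) > 1 else 0.0,
        "iat_max": max(iat) if iat else 0.0,
        "len_mean": mean(lens),
        "len_std": pstdev(lens) if len(lens) > 1 else 0.0,
        "len_min": min(lens),
        "len_max": max(lens),
    }


def feature_vector(features: dict) -> list:
    """Flatten a feature dict into the fixed column order for model input."""
    return [features[name] for name in FEATURE_ORDER]


def build_dataset(packets):
    """Return one (flow_key, feature_vector) pair per flow."""
    return [(key, feature_vector(flow_features(pkts)))
            for key, pkts in group_flows(packets).items()]


# Constructed sample capture (not real device traffic): one short TLS exchange
# and one bare TCP handshake start, using documentation address ranges.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.0.5", "203.0.113.9", 40001, 443, "tcp", 74),
    Packet(0.1, "203.0.113.9", "10.0.0.5", 443, 40001, "tcp", 74),
    Packet(0.2, "10.0.0.5", "203.0.113.9", 40001, 443, "tcp", 517),
    Packet(0.4, "203.0.113.9", "10.0.0.5", 443, 40001, "tcp", 1514),
    Packet(0.5, "203.0.113.9", "10.0.0.5", 443, 40001, "tcp", 1514),
    Packet(5.0, "10.0.0.5", "198.51.100.7", 40002, 80, "tcp", 74),
    Packet(5.2, "198.51.100.7", "10.0.0.5", 80, 40002, "tcp", 74),
]

if __name__ == "__main__":
    for key, vec in build_dataset(SAMPLE_PACKETS):
        print(key, dict(zip(FEATURE_ORDER, vec)))
```

The feature vectors produced by `build_dataset` are what a supervised classifier would be trained on, with a label per flow (malware or benign) supplied from the dataset's ground truth; the classifier itself is outside this example.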

This work was supported by the Fundamental Research Funds for the Central Universities of China under Grants 2017JBM021 and 2016JBZ006, and CETC Joint Fund under Grant 6141B08020101.



Corresponding author

Correspondence to Yangyang Li.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Chen, R., Li, Y., Fang, W. (2019). Android Malware Identification Based on Traffic Analysis. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11632. Springer, Cham. https://doi.org/10.1007/978-3-030-24274-9_26


  • DOI: https://doi.org/10.1007/978-3-030-24274-9_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24273-2

  • Online ISBN: 978-3-030-24274-9

  • eBook Packages: Computer Science, Computer Science (R0)