Abstract
As numerous new techniques for Android malware attacks have increasingly emerged and evolved, identifying Android malware is crucial to prevent mobile applications from being compromised. Machine learning techniques have shown extraordinary capabilities in various fields. A common problem with existing research on malware traffic identification based on machine learning is the need to design a set of features that accurately reflect the characteristics of network traffic. Obtaining high accuracy in identifying Android malware traffic is also a challenging problem. This paper analyses Android malware traffic and extracts 15 features that combine time-related network flow features with packet features. We then use three supervised machine learning methods to identify Android malware traffic. Experimental results show that the proposed feature set accurately characterizes the traffic and that all three classifiers achieve high accuracy.
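The abstract describes building flow-level features from two sources, time-related flow statistics and per-packet statistics, and feeding them to supervised classifiers. The following is an added illustration of that feature-extraction step, not code from the paper or its authors: it groups constructed packet records into bidirectional flows and computes a small set of illustrative features (duration, packet counts per direction, byte totals, packet-length and inter-arrival statistics). The feature names and the sample packets are assumptions for demonstration and are not the paper's 15-feature set; the resulting vectors are the kind of input a classifier such as the three used in the paper would consume.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample packet records, not captured traffic:
# (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, length_bytes).
# Flow 1 looks like a short TLS exchange; flow 2 is a sparse, periodic
# HTTP flow whose long, regular inter-arrival times stand out.
SAMPLE_PACKETS = [
    (0.000, "10.0.0.5", "203.0.113.9", 50123, 443, "tcp", 74),
    (0.012, "203.0.113.9", "10.0.0.5", 443, 50123, "tcp", 74),
    (0.013, "10.0.0.5", "203.0.113.9", 50123, 443, "tcp", 66),
    (0.020, "10.0.0.5", "203.0.113.9", 50123, 443, "tcp", 583),
    (0.045, "203.0.113.9", "10.0.0.5", 443, 50123, "tcp", 1514),
    (0.047, "203.0.113.9", "10.0.0.5", 443, 50123, "tcp", 1514),
    (5.000, "10.0.0.5", "198.51.100.7", 50124, 80, "tcp", 74),
    (5.030, "198.51.100.7", "10.0.0.5", 80, 50124, "tcp", 74),
    (5.031, "10.0.0.5", "198.51.100.7", 50124, 80, "tcp", 120),
    (35.031, "10.0.0.5", "198.51.100.7", 50124, 80, "tcp", 120),
    (65.031, "10.0.0.5", "198.51.100.7", 50124, 80, "tcp", 120),
]

# Illustrative feature set (an assumption, not the paper's 15 features).
FEATURE_NAMES = [
    "duration", "pkt_count", "fwd_pkt_count", "bwd_pkt_count",
    "total_bytes", "mean_pkt_len", "std_pkt_len",
    "iat_mean", "iat_std", "iat_max", "bwd_fwd_byte_ratio",
]


def flow_key(pkt):
    """Order-independent 5-tuple so both directions join one flow."""
    _, src, dst, sport, dport, proto, _ = pkt
    a, b = (src, sport), (dst, dport)
    if a > b:
        a, b = b, a
    return (a, b, proto)


def group_flows(packets):
    """Sort packets by time and bucket them by bidirectional flow key."""
    flows = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p[0]):
        flows[flow_key(pkt)].append(pkt)
    return flows


def extract_features(packets):
    """Return {flow_key: feature_dict} with time and packet features."""
    result = {}
    for key, pkts in group_flows(packets).items():
        times = [p[0] for p in pkts]
        lengths = [p[6] for p in pkts]
        # Forward direction = direction of the flow's first packet.
        initiator = (pkts[0][1], pkts[0][3])
        fwd_bytes = sum(p[6] for p in pkts if (p[1], p[3]) == initiator)
        bwd_bytes = sum(p[6] for p in pkts if (p[1], p[3]) != initiator)
        fwd_count = sum(1 for p in pkts if (p[1], p[3]) == initiator)
        # Inter-arrival times between consecutive packets of the flow.
        iats = [t2 - t1 for t1, t2 in zip(times, times[1:])]
        result[key] = {
            "duration": times[-1] - times[0],
            "pkt_count": len(pkts),
            "fwd_pkt_count": fwd_count,
            "bwd_pkt_count": len(pkts) - fwd_count,
            "total_bytes": sum(lengths),
            "mean_pkt_len": mean(lengths),
            "std_pkt_len": pstdev(lengths),
            "iat_mean": mean(iats) if iats else 0.0,
            "iat_std": pstdev(iats) if iats else 0.0,
            "iat_max": max(iats) if iats else 0.0,
            "bwd_fwd_byte_ratio": bwd_bytes / fwd_bytes if fwd_bytes else 0.0,
        }
    return result


def to_vector(features):
    """Flatten one flow's feature dict into a fixed-order numeric vector."""
    return [float(features[name]) for name in FEATURE_NAMES]


if __name__ == "__main__":
    for key, feats in extract_features(SAMPLE_PACKETS).items():
        print(key[0], "<->", key[1], to_vector(feats))
```

Each `to_vector` output is one row of the design matrix; labelling rows by whether the capture came from a benign or malicious app is what turns this into the supervised problem the abstract describes. Time-related features such as `iat_max` and `iat_std` are included because flows with long, regular gaps are visible to them even when payload is encrypted and packet sizes alone look ordinary.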
This work was supported by the Fundamental Research Funds for the Central Universities of China under Grants 2017JBM021 and 2016JBZ006, and CETC Joint Fund under Grant 6141B08020101.
© 2019 Springer Nature Switzerland AG
Cite this paper
Chen, R., Li, Y., Fang, W. (2019). Android Malware Identification Based on Traffic Analysis. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11632. Springer, Cham. https://doi.org/10.1007/978-3-030-24274-9_26
DOI: https://doi.org/10.1007/978-3-030-24274-9_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24273-2
Online ISBN: 978-3-030-24274-9
eBook Packages: Computer Science, Computer Science (R0)