论文信息 - Research of android malware detection based on network traffic monitoring

Research of android malware detection based on network traffic monitoring

With Android terminal into the life of people, the spread of Android malware seriously affected people's life. As a result of the Android security flaws, attackers can easily collect private information of users, and the information can be utilized in APT attacks. It is not only a threat to the end user, but also poses a threat to industrial control systems and mobile Internet. In this paper, we propose a network traffic monitoring system used in the detection of Android malware. The system consists of four components: traffic monitoring, traffic anomaly recognition, response processing and cloud storage. The system parses the protocol of data packets and extracts the feature data, then use SVM classification algorithm for data classification, determine whether the network traffic is abnormal, and locate the application that produced abnormal through the correlation analysis. The system not only can automatic response and process the malicious software, but also can generate new security policy from existing information and training data; When training data is reaching a certain amount, it will trigger a new round of training to improve the ability of detection. Finally, we experiment on the system, the experimental results show that our system can effectively detect the Android malware and control the application.

[1] Guo Li. APT Threat Detection and Protection of Integrated Network Space , 2013 .

[2] Cui Xiang,et al. Survey of Botnets , 2011 .

[3] Liu Jiang,et al. SUPPORT VECTOR MACHINE TRAINING ALGORITHM: A REVIEW , 2002 .

[4] Bernhard E. Boser,et al. A training algorithm for optimal margin classifiers , 1992, COLT '92.

[5] Yajin Zhou,et al. Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[6] Su Di-xin. Research of Smart Phone Malware Detection Based on Anomaly Data Flow Monitoring , 2012 .

[7] Zhilei Wang,et al. Control Method of Twitter- and SMS-Based Mobile Botnet , 2012, ISCTCS.

[8] Chih-Jen Lin,et al. LIBSVM: A library for support vector machines , 2011, TIST.

[9] Luo Xianghong and Shu Jiwu. Summary of Research for Erasure Code in Storage System , 2012 .

[10] Corinna Cortes,et al. Support-Vector Networks , 1995, Machine Learning.

[11] Dale C. Rowe,et al. A survey SCADA of and critical infrastructure incidents , 2012, RIIT '12.