N-Gram, Semantic-Based Neural Network for Mobile Malware Network Traffic Detection

Mobile malware poses a great challenge to mobile devices and mobile communication. With the explosive growth of mobile networks, it is significant to detect mobile malware for mobile security. Since most mobile malware relies on the networks to coordinate operations, steal information, or launch attacks, evading network monitor is difficult for the mobile malware. In this paper, we present an N-gram, semantic-based neural modeling method to detect the network traffic generated by the mobile malware. In the proposed scheme, we segment the network traffic into flows and extract the application layer payload from each packet. Then, the generated flow payload data are converted into the text form as the input of the proposed model. Each flow text consists of several domains with 20 words. The proposed scheme models the domain representation using convolutional neural network with multiwidth kernels from each domain. Afterward, relationships of domains are adaptively encoded in flow representation using gated recurrent network and then the classification result is obtained from an attention layer. A series of experiments have been conducted to verify the effectiveness of our proposed scheme. In addition, to compare with the state-of-the-art methods, several comparative experiments also are conducted. The experiment results depict that our proposed scheme is better in terms of accuracy.

[1]  Abdulrahman Alruban,et al.  IoT Malware Network Traffic Classification using Visual Representation and Deep Learning , 2020, 2020 6th IEEE Conference on Network Softwarization (NetSoft).

[2]  William Enck,et al.  AppsPlayground: automatic security analysis of smartphone applications , 2013, CODASPY.

[3]  Yuval Elovici,et al.  Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method , 2010, J. Syst. Softw..

[4]  Witawas Srisa-an,et al.  SigPID: significant permission identification for android malware detection , 2016, 2016 11th International Conference on Malicious and Unwanted Software (MALWARE).

[5]  Yuewu Wang,et al.  DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices , 2015, NDSS.

[6]  Jules White,et al.  Applying machine learning classifiers to dynamic Android malware detection at scale , 2013, 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC).

[7]  Somesh Jha,et al.  An architecture for generating semantics-aware signatures , 2005 .

[8]  Nick Feamster,et al.  Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces , 2010, NSDI.

[9]  Anshul Arora,et al.  Malware Detection Using Network Traffic Analysis in Android Based Mobile Devices , 2014, 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies.

[10]  Gianluca Stringhini,et al.  MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models (Extended Version) , 2016, NDSS 2017.

[11]  Tao Xie,et al.  WHYPER: Towards Automating Risk Assessment of Mobile Applications , 2013, USENIX Security Symposium.

[12]  James Newsome,et al.  Polygraph: automatically generating signatures for polymorphic worms , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Sung-Ho Yoon,et al.  Internet Application Traffic Classification Using Fixed IP-Port , 2009, APNOMS.

[14]  K. P. Soman,et al.  Detecting Android malware using Long Short-term Memory (LSTM) , 2018, J. Intell. Fuzzy Syst..

[15]  Ali A. Ghorbani,et al.  Towards a Network-Based Framework for Android Malware Detection and Characterization , 2017, 2017 15th Annual Conference on Privacy, Security and Trust (PST).

[16]  Xiaofeng Wang,et al.  UIPicker: User-Input Privacy Identification in Mobile Applications , 2015, USENIX Security Symposium.

[17]  Xingquan Zhu,et al.  Machine Learning for Android Malware Detection Using Permission and API Calls , 2013, 2013 IEEE 25th International Conference on Tools with Artificial Intelligence.

[18]  Abdelouahid Derhab,et al.  MalDozer: Automatic framework for android malware detection using deep learning , 2018, Digit. Investig..

[19]  A. N. Cadavid,et al.  Framework for malware analysis in Android , 2016 .

[20]  Arnaud Legout,et al.  ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic , 2015, MobiSys.

[21]  Xiangliang Zhang,et al.  Constructing Features for Detecting Android Malicious Applications: Issues, Taxonomy and Directions , 2019, IEEE Access.

[22]  Yuan Zhang,et al.  Vetting undesirable behaviors in android apps with permission use analysis , 2013, CCS.

[23]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[24]  George Varghese,et al.  Automated Worm Fingerprinting , 2004, OSDI.

[25]  Yu Zhou,et al.  A Semantics-Aware Approach to the Automated Network Protocol Identification , 2016, IEEE/ACM Transactions on Networking.

[26]  Ali A. Ghorbani,et al.  Android Botnets: What URLs are Telling Us , 2015, NSS.

[27]  Yajin Zhou,et al.  RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[28]  Mauro Conti,et al.  Detecting Android Malware Leveraging Text Semantics of Network Flows , 2017, IEEE Transactions on Information Forensics and Security.

[29]  Hui Li,et al.  A Two-Layer Deep Learning Method for Android Malware Detection Using Network Traffic , 2020, IEEE Access.

[30]  Arash Habibi Lashkari,et al.  Extensible Android Malware Detection and Family Classification Using Network-Flows and API-Calls , 2019, 2019 International Carnahan Conference on Security Technology (ICCST).

[31]  Ali A. Ghorbani,et al.  Toward Developing a Systematic Approach to Generate Benchmark Android Malware Datasets and Classification , 2018, 2018 International Carnahan Conference on Security Technology (ICCST).

[32]  Huy Kang Kim,et al.  Andro-profiler: anti-malware system based on behavior profiling of mobile malware , 2014, WWW.

[33]  Aziz Mohaisen,et al.  Detecting and Classifying Android Malware Using Static Analysis along with Creator Information , 2015, Int. J. Distributed Sens. Networks.

[34]  Ali A. Ghorbani,et al.  DroidKin: Lightweight Detection of Android Apps Similarity , 2014, SecureComm.

[35]  Tzi-cker Chiueh,et al.  Automatic Generation of String Signatures for Malware Detection , 2009, RAID.

[36]  Yanfang Ye,et al.  HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network , 2017, KDD.