Abstract
In recent years, a dramatic change was bring to us with the rapid development of intelligent terminal technology and the popularity of mobile services. Android platforms alone have produced staggering revenues, which has attracted cybercriminals and increased malware in Android markets at an alarming rate. However, the mobile phone network traffic is used to analyze malicious software recently, but this method lack of a visual way to understand network behavior of malware as well as without integrity explanation. In this paper, we introduced a method that can reconstructed the Android applications’ network behavior based on application layer traffic. We reconstruct the application network behavior in two ways, namely, network behavior time sequence model and network connection behavior model, we can understand the network behavior of Android applications by the model we reconstructed, it provides the network interaction process integrity explanation and shows that malwares traffic include malicious traffic and normal traffic.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
King, R.: Google readies android ‘kitkat’ amid 1 billion device activations milestone, September 2013
Chen, Z., Han, H., Yan, Q., et al.: A first look at android malware traffic in first few minutes. In: International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015. IEEE (2015)
Lee, J., Lee, H.: GMAD: graph-based malware activity detection by DNS traffic analysis. Comput. Commun. 49, 33–47 (2014)
Zheran Fang, Y.L., Han, W.: Permission based android security: Issues and countermeasures. Comput. Secur. 43, 205–218 (2014)
Enck, W., Ongtang, M., McDaniel, P.: Understanding Android security. IEEE Security and Privacy Magazine (2009)
Android. http://developer.android.com/tools/help/monkeyrunner/uline_concepts.html
Yajin, Z., Xuxian, J.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 95–109. IEEE (2012)
VirusTotal. https://www.virustotal.com/
Fattori, A., Tam, K., Khan, S.J., Cavallaro, L., Reina, A.: On the Reconstruction of Android Malware Behaviors. This is pioneering work which uses Binder as a central component of an Android malware analysis system (2014). http://www.isg.rhul.ac.uk/sullivan/pubs/tr/MA-2014-01.pdf
Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: 2012 IEEE Symposium on IEEE Security and Privacy (SP), Conference Proceedings, pp. 95–109 (2012)
Falaki, H., Lymberopoulos, D., Mahajan, R., Kandula, S., Estrin, D.: A First look at traffic on smartphones. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, Conference Proceedings, pp. 281–287. ACM (2010)
Acknowledgments
This work was supported by the National Natural Science Foundation of China under Grants No. 61472164 and No. 61203105, the Natural Science Foundation of Shandong Province under Grants No. ZR2014JL042 and No. ZR2012FM010.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, Q., Zhang, L., Hou, S., Chen, Z., Han, H. (2015). Reconstruction of Android Applications’ Network Behavior Based on Application Layer Traffic. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science(), vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-27161-3_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27160-6
Online ISBN: 978-3-319-27161-3
eBook Packages: Computer ScienceComputer Science (R0)