Abstract
We present a malware detection technique for Android based on network traffic analysis. The proposed malware detection tool, termed MalDetec, uses a non-root approach to notify the user in real-time about any malicious URL (Uniform Resource Locator) requests made by malware. MalDetec parses the packet dump file and merges it with the output of our network traffic analysis to generate App-URL pairings in real-time. These pairings are then scanned against the VirusTotal databases, and the user is notified of suspicious URL requests. In addition, MalDetec maintains a local database containing the results of previous scans for quick look-up during future scans. The experimental results show that MalDetec successfully detects applications accessing malicious URLs, in real-time and without root privileges.
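The App-URL pairing and cached look-up described in the abstract, as an added example that is not the paper's code. It assumes requests are attributed to apps by joining each captured request's source port with the UID column of `/proc/net/tcp`; the snapshot, flow records, package names and the `lookup` callable are constructed stand-ins.

```python
# Added example: data and helper names are constructed; the join key is an assumption.
# Constructed /proc/net/tcp snapshot: two sockets, owned by UIDs 10083 and 10101.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:9C40 22D8B85D:0050 01 00000000:00000000 00:00000000 00000000 10083        0 41234
   1: 0F02000A:9C42 0A00A8C0:0050 01 00000000:00000000 00:00000000 00000000 10101        0 41240
"""
UID_TO_PACKAGE = {10083: "com.example.flashlight", 10101: "com.example.notes"}
# Constructed (source port, requested URL) records, as a packet-dump parser would yield.
FLOWS = [(40000, "http://bad.example/payload"), (40002, "http://cdn.example/app.css"),
         (40000, "http://bad.example/payload"), (40555, "http://cdn.example/x")]


def port_to_uid(proc_text):
    """Map local TCP port -> owning UID from /proc/net/tcp text."""
    owners = {}
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                                  # truncated or blank row
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        owners[port] = int(fields[7])                 # eighth column is the UID
    return owners


def pair_apps_with_urls(proc_text, flows, uid_to_package):
    """Join captured requests with socket owners to get (app, url) pairs."""
    owners = port_to_uid(proc_text)
    pairs = []
    for src_port, url in flows:
        uid = owners.get(src_port)
        # A socket closed before the snapshot has no owner row: keep the URL anyway.
        app = "unknown" if uid is None else uid_to_package.get(uid, f"uid:{uid}")
        pairs.append((app, url))
    return pairs


def flag_pairs(pairs, cache, lookup):
    """Return malicious (app, url) pairs; `lookup` runs only on cache misses."""
    flagged = []
    for app, url in pairs:
        if url not in cache:
            cache[url] = lookup(url)                  # stand-in for the remote scan
        if cache[url] and (app, url) not in flagged:
            flagged.append((app, url))
    return flagged


if __name__ == "__main__":
    verdict_cache = {}
    pairs = pair_apps_with_urls(PROC_NET_TCP, FLOWS, UID_TO_PACKAGE)
    print(flag_pairs(pairs, verdict_cache, lambda u: "bad.example" in u))
```

Requests whose socket has already closed surface as `unknown` rather than being dropped, so a malicious URL is still reported even when the owning app cannot be resolved.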
© 2017 Springer International Publishing AG
Cite this paper
Trivedi, N., Das, M.L. (2017). MalDetec: A Non-root Approach for Dynamic Malware Detection in Android. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science, vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_14
DOI: https://doi.org/10.1007/978-3-319-72598-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72597-0
Online ISBN: 978-3-319-72598-7
eBook Packages: Computer Science, Computer Science (R0)