NeSeDroid—Android Malware Detection Based on Network Traffic and Sensitive Resource Accessing

  • Conference paper
  • In: Proceedings of the International Conference on Data Engineering and Communication Technology

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 469)

Abstract

The Android operating system has a large market share, and the number of new malware samples on Android has been increasing considerably. Android malware analysis includes static analysis and dynamic analysis. Static analysis is limited by the difficulty of analyzing malware that uses encryption, obfuscates its source, or changes its own behavior. In this paper, we propose a hybrid analysis method named NeSeDroid. The method uses static analysis to detect access to sensitive resources and dynamic analysis to detect leakage of sensitive resources over an Internet connection. The method is tested on applications downloaded from the Android Apps Market, the Genome Malware Project dataset, and our additional samples in the DroidBench dataset. The evaluation results show that NeSeDroid has high accuracy and reduces the false positive detection rate.

Acknowledgments

Our thanks to the professors of the Science and Technology faculty of HoaSen University and the professors of the Telecommunication and Networking faculty of the University of Science (Vietnam National University–Ho Chi Minh City), who gave many positive comments and valuable reviews.

Author information

Corresponding author

Correspondence to Nguyen Tan Cam.

Copyright information

© 2017 Springer Science+Business Media Singapore

About this paper

Cite this paper

Cam, N.T., Phuoc, N.C.H. (2017). NeSeDroid—Android Malware Detection Based on Network Traffic and Sensitive Resource Accessing. In: Satapathy, S., Bhateja, V., Joshi, A. (eds) Proceedings of the International Conference on Data Engineering and Communication Technology. Advances in Intelligent Systems and Computing, vol 469. Springer, Singapore. https://doi.org/10.1007/978-981-10-1678-3_3

  • DOI: https://doi.org/10.1007/978-981-10-1678-3_3

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-1677-6

  • Online ISBN: 978-981-10-1678-3

  • eBook Packages: Engineering, Engineering (R0)
