Clustering android malware families by Http traffic

ARESU, MARCO;ARIU, DAVIDE;AHMADI, MANSOUR;MAIORCA, DAVIDE;GIACINTO, GIORGIO
2016

Abstract

Due to its popularity and open-source nature, Android is the mobile platform that has been targeted the most by malware that aim to steal personal information or to control the users??? devices. More specifically, mobile botnets are malware that allow an attacker to remotely control the victims??? devices through different channels like HTTP, thus creating malicious networks of bots. In this paper, we show how it is possible to effectively group mobile botnets families by analyzing the HTTP traffic they generate. To do so, we create malware clusters by looking at specific statistical information that are related to the HTTP traffic. This approach also allows us to extract signatures with which it is possible to precisely detect new malware that belong to the clustered families. Contrarily to x86 malware, we show that using fine-grained HTTP structural features do not increase detection performances. Finally, we point out how the HTTP information flow among mobile bots contains more information when compared to the one generated by desktop ones, allowing for a more precise detection of mobile threats.
Inglese
2015 10th International Conference on Malicious and Unwanted Software (MALWARE)
978-1-5090-0317-4
978-1-5090-0319-8
978-1-5090-0317-4
978-1-5090-0319-8
IEEE (Institute of Electrical and Electronics Engineers)
128
135
8
10th International Conference on Malicious and Unwanted Software, MALWARE 2015
Esperti anonimi
20-22 October 2015
Fajardo, PR, USA
internazionale
scientifica
Android; Botnet; Malware detection; Clustering; HTTP; Traffic network
no
4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno
Aresu, Marco; Ariu, Davide; Ahmadi, Mansour; Maiorca, Davide; Giacinto, Giorgio
273
5
4.1 Contributo in Atti di convegno
reserved
info:eu-repo/semantics/conferencePaper
File in questo prodotto:
File Dimensione Formato  
MalwareConf2015_printed.pdf

Solo gestori archivio

Tipologia: versione editoriale
Dimensione 271.35 kB
Formato Adobe PDF
271.35 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Questionario e social

Condividi su:
Impostazioni cookie