Titolo:  Clustering android malware families by Http traffic
Autori: 
Data di pubblicazione:  2016
Autori:  Aresu, Marco; Ariu, Davide; Ahmadi, Mansour; Maiorca, Davide; Giacinto, Giorgio
Presenza coautori internazionali:  no
Lingua:  Inglese
Titolo del libro:  2015 10th International Conference on Malicious and Unwanted Software (MALWARE)
ISBN:  978-1-5090-0317-4
978-1-5090-0319-8
978-1-5090-0317-4
978-1-5090-0319-8
Editore:  IEEE (Institute of Electrical and Electronics Engineers)
Pagina iniziale:  128
Pagina finale:  135
Numero di pagine:  8
Digital Object Identifier (DOI):  http://dx.doi.org/10.1109/MALWARE.2015.7413693
Codice identificativo Scopus:  2-s2.0-84969786989
Codice identificativo ISI:  WOS:000380620100015
Revisione (peer review):  Esperti anonimi
Nome del convegno:  10th International Conference on Malicious and Unwanted Software, MALWARE 2015
Periodo del convegno:  20-22 October 2015
Luogo del convegno:  Fajardo, PR, USA
Abstract:  Due to its popularity and open-source nature, Android is the mobile platform that has been targeted the most by malware that aim to steal personal information or to control the users??? devices. More specifically, mobile botnets are malware that allow an attacker to remotely control the victims??? devices through different channels like HTTP, thus creating malicious networks of bots. In this paper, we show how it is possible to effectively group mobile botnets families by analyzing the HTTP traffic they generate. To do so, we create malware clusters by looking at specific statistical information that are related to the HTTP traffic. This approach also allows us to extract signatures with which it is possible to precisely detect new malware that belong to the clustered families. Contrarily to x86 malware, we show that using fine-grained HTTP structural features do not increase detection performances. Finally, we point out how the HTTP information flow among mobile bots contains more information when compared to the one generated by desktop ones, allowing for a more precise detection of mobile threats.
Tipologia: 4.1 Contributo in Atti di convegno

File in questo prodotto:
File Descrizione Tipologia Licenza  
MalwareConf2015_printed.pdf  versione editoriale Administrator   Richiedi una copia

Questionario e social

Condividi su: