Analyzing HTTP-Based Information Exfiltration of Malicious Android Applications
Title | Analyzing HTTP-Based Information Exfiltration of Malicious Android Applications |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Kelkar, S., Kraus, T., Morgan, D., Zhang, J., Dai, R. |
Conference Name | 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) |
ISBN Number | 978-1-5386-4388-4 |
Keywords | Android (operating system), Android applications, Androids, clouds, CN, composability, Global Positioning System, HTTP Based, HTTP-based information exfiltration, Humanoid robots, hypermedia, identity-related sensitive information, information exfiltration, invasive software, IP networks, leaked information, malicious Android applications, malicious applications leak multiple types, Malware, Metrics, pubcrawl, security of data, Servers, SG, smart phones, static taint analysis, suspicious URL, taint analysis, transport protocols, US |
Abstract | Exfiltrating sensitive information from smartphones has become one of the most significant security threats. We have built a system to identify HTTP-based information exfiltration of malicious Android applications. In this paper, we discuss the method to track the propagation of sensitive information in Android applications using static taint analysis. We have studied the leaked information, destinations to which information is exfiltrated, and their correlations with types of sensitive information. The analysis results based on 578 malicious Android applications have revealed that a significant portion of these applications are interested in identity-related sensitive information. The vast majority of malicious applications leak multiple types of sensitive information. We have also identified that servers associated with three country codes including CN, US, and SG are most active in collecting sensitive information. The analysis results have also demonstrated that a wide range of non-default ports are used by suspicious URLs. |
URL | https://ieeexplore.ieee.org/document/8456110 |
DOI | 10.1109/TrustCom/BigDataSE.2018.00242 |
Citation Key | kelkar_analyzing_2018 |