Causality-based Sensemaking of Network Traffic for Android Application Security
Title | Causality-based Sensemaking of Network Traffic for Android Application Security |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Zhang, Hao, Yao, Danfeng (Daphne), Ramakrishnan, Naren |
Conference Name | Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4573-6 |
Keywords | anomaly detection, artificial intelligence security, composability, Human Behavior, machine learning, Metrics, mobile security, Network security, pubcrawl, Resiliency |
Abstract | Malicious Android applications pose serious threats to mobile security. They threaten the data confidentiality and system integrity on Android devices. Monitoring runtime activities serves as an important technique for analyzing dynamic app behaviors. We design a triggering relation model for dynamically analyzing network traffic on Android devices. Our model enables one to infer the dependency of outbound network requests from the device. We describe a new machine learning approach for discovering the dependency of network requests. These request-level dependence relations are used to detect stealthy malware activities. Malicious requests are identified due to the lack of dependency with legitimate triggers. Our prototype is evaluated on 14GB network traffic data and system logs collected from an Android tablet. Experimental results show that our solution achieves a high accuracy (99.1%) in detecting malicious requests sent from new malicious apps. |
URL | http://doi.acm.org/10.1145/2996758.2996760 |
DOI | 10.1145/2996758.2996760 |
Citation Key | zhang_causality-based_2016 |