Android Malware Clustering Analysis on Network-Level Behavior

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10361)

Abstract

Android has become the most popular operating system for smartphones today. However, malicious applications pose a huge threat to the Android platform. Much malware is designed to steal users' personal information or to control users' devices through the network. In this paper, we show how to efficiently cluster network behavior by analyzing the statistical information of HTTP flows at the network level. To do so, we observe specific statistical information on the HTTP flows generated by more than 8,000 malware samples. In the end, we separate the malware's malicious network behavior into seven different clusters using clustering techniques. Our evaluation experiments show that HTTP flows in the same cluster have similar network behavior and that there are big differences between different clusters. This similarity and variability are manifested in some specific network-level statistical characteristics. In addition, to show the results of the study more intuitively, we reduce the dimensionality of the original features and show the final clustering results in two-dimensional space.

Acknowledgement

This work was supported by the National Natural Science Foundation of China under Grants No. 61672262, No. 61573166, No. 61472164 and No. 61572230, the Natural Science Foundation of Shandong Province under Grants No. ZR2014JL042 and No. ZR2012FM010, the Shandong Provincial Key R&D Program under Grants No. 2016GGX101001.

Author information

Corresponding author

Correspondence to Zhenxiang Chen.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wang, S., Chen, Z., Li, X., Wang, L., Ji, K., Zhao, C. (2017). Android Malware Clustering Analysis on Network-Level Behavior. In: Huang, DS., Bevilacqua, V., Premaratne, P., Gupta, P. (eds) Intelligent Computing Theories and Application. ICIC 2017. Lecture Notes in Computer Science, vol 10361. Springer, Cham. https://doi.org/10.1007/978-3-319-63309-1_71

  • DOI: https://doi.org/10.1007/978-3-319-63309-1_71

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-63308-4

  • Online ISBN: 978-3-319-63309-1

  • eBook Packages: Computer Science, Computer Science (R0)
