
Network Traffic Analysis for Android Malware Detection

Conference paper. In: Hybrid Artificial Intelligent Systems (HAIS 2019)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11734)


Abstract

The possibilities offered by controlling large numbers of devices and/or networks are attracting a growing number of malware developers. In this paper, we propose a working methodology for the detection of malicious traffic, based on the analysis of the flow of packets circulating on the network. This objective is achieved by parameterising the characteristics of these packets, which are then analysed with supervised learning techniques focused on traffic labelling, so as to enable a proactive response to the large volume of information handled by current filters.





Corresponding author: José Gaviria de la Puerta.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

de la Puerta, J.G., Pastor-López, I., Sanz, B., Bringas, P.G. (2019). Network Traffic Analysis for Android Malware Detection. In: Pérez García, H., Sánchez González, L., Castejón Limas, M., Quintián Pardo, H., Corchado Rodríguez, E. (eds) Hybrid Artificial Intelligent Systems. HAIS 2019. Lecture Notes in Computer Science, vol 11734. Springer, Cham. https://doi.org/10.1007/978-3-030-29859-3_40


  • DOI: https://doi.org/10.1007/978-3-030-29859-3_40
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-29858-6
  • Online ISBN: 978-3-030-29859-3
