AMDetector: Detecting Large-Scale and Novel Android Malware Traffic with Meta-learning

  • Conference paper
  • Computational Science – ICCS 2022 (ICCS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13353)

Abstract

In the severe COVID-19 environment, encrypted mobile malware is an increasing threat to personal privacy, especially malware targeting the Android platform. Existing methods mainly extract features from Android malware (DroidMal) by reversing the binary samples, which makes them sensitive to a reduction in the number of available samples. Thus they cannot cope with the scarcity of samples of novel DroidMal. It is therefore necessary to investigate an effective solution that classifies large-scale DroidMal and also detects novel DroidMal. We treat few-shot DroidMal detection as the classification of DroidMal encrypted network traffic and propose an image-based method with meta-learning, namely AMDetector, to address these issues. By capturing the network traffic produced by DroidMal, the samples are augmented so that they suit the learning algorithms. Firstly, DroidMal encrypted traffic is converted into session images. Then, the session images are embedded into a high-dimensional metric space, in which traffic samples can be linearly separated by computing their distance to the corresponding prototype. Large-scale and novel DroidMal traffic is classified by applying different meta-learning strategies. Experimental results on public datasets demonstrate the capability of our method to classify large-scale known DroidMal traffic as well as to detect novel DroidMal traffic. It is encouraging to see that our model achieves superior performance on known and novel DroidMal traffic classification compared with state-of-the-art methods. Moreover, AMDetector is able to classify unseen cross-platform malware.
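The two steps the abstract describes, as an added illustration that is not the paper's code: a captured session's bytes are truncated or zero-padded into a fixed-size grayscale session image, and a prototypical-network rule labels a query by its distance to per-class prototypes (the mean embedding of each class's support samples). The image side (28), the 16-bin byte histogram standing in for the learned encoder, and the FamilyA/FamilyB sessions are all constructed assumptions, not values from the paper.

```python
import math
from collections import defaultdict

SIDE = 28           # 28x28 = 784 bytes per session image (assumed size)
BINS = 16           # byte-value histogram bins for the stand-in encoder

def session_image(payload: bytes, side: int = SIDE) -> list[list[int]]:
    """Step 1: truncate or zero-pad a session's bytes to side*side and lay them out as a grid."""
    n = side * side
    data = payload[:n].ljust(n, b"\x00")
    return [list(data[r * side:(r + 1) * side]) for r in range(side)]

def embed(image: list[list[int]]) -> list[float]:
    """Stand-in for the learned encoder: L2-normalised histogram of each byte's high nibble."""
    hist = [0.0] * BINS
    for row in image:
        for b in row:
            hist[b >> 4] += 1.0
    norm = math.sqrt(sum(h * h for h in hist)) or 1.0
    return [h / norm for h in hist]

def prototypes(support: list[tuple[bytes, str]]) -> dict[str, list[float]]:
    """Step 2a: a class prototype is the mean embedding of that class's support sessions."""
    sums = defaultdict(lambda: [0.0] * BINS)
    counts = defaultdict(int)
    for payload, label in support:
        for i, v in enumerate(embed(session_image(payload))):
            sums[label][i] += v
        counts[label] += 1
    return {c: [v / counts[c] for v in s] for c, s in sums.items()}

def classify(query: bytes, protos: dict[str, list[float]]) -> tuple[str, dict[str, float]]:
    """Step 2b: nearest prototype by squared Euclidean distance, plus softmax(-distance) scores."""
    q = embed(session_image(query))
    dist = {c: sum((a - b) ** 2 for a, b in zip(q, p)) for c, p in protos.items()}
    z = sum(math.exp(-d) for d in dist.values())
    return min(dist, key=dist.get), {c: math.exp(-d) / z for c, d in dist.items()}

# Constructed sessions (not real traffic): FamilyA resembles opaque ciphertext,
# FamilyB resembles plaintext HTTP. Two support samples per class: a 2-way 2-shot episode.
SUPPORT = [
    (bytes((i * 37 + 11) % 256 for i in range(600)), "FamilyA"),
    (bytes((i * 91 + 3) % 256 for i in range(640)), "FamilyA"),
    (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 12, "FamilyB"),
    (b"POST /api/report HTTP/1.1\r\nContent-Type: text/plain\r\n" * 10, "FamilyB"),
]
QUERY = bytes((i * 53 + 7) % 256 for i in range(700))   # unseen FamilyA-like session

def demo() -> str:
    return classify(QUERY, prototypes(SUPPORT))[0]
```

Swapping `embed` for a trained encoder is the only change needed to turn this into the metric-space classifier the abstract describes; the prototype and distance logic stays the same.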



Acknowledgment

This work was supported by the National Natural Science Foundation of China (Grant U2003111, 61871378).

Author information

Corresponding author: Xiao-Yu Zhang


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Li, W., Bao, H., Zhang, XY., Li, L. (2022). AMDetector: Detecting Large-Scale and Novel Android Malware Traffic with Meta-learning. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13353. Springer, Cham. https://doi.org/10.1007/978-3-031-08760-8_33

  • DOI: https://doi.org/10.1007/978-3-031-08760-8_33
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-08759-2
  • Online ISBN: 978-3-031-08760-8
