Causality-based Sensemaking of Network Traffic for Android Application Security

Title: Causality-based Sensemaking of Network Traffic for Android Application Security
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Zhang, Hao; Yao, Danfeng (Daphne); Ramakrishnan, Naren
Conference Name: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4573-6
Keywords: anomaly detection, artificial intelligence security, composability, Human Behavior, machine learning, Metrics, mobile security, Network security, pubcrawl, Resiliency

Malicious Android applications pose serious threats to mobile security. They threaten the data confidentiality and system integrity on Android devices. Monitoring runtime activities serves as an important technique for analyzing dynamic app behaviors. We design a triggering relation model for dynamically analyzing network traffic on Android devices. Our model enables one to infer the dependency of outbound network requests from the device. We describe a new machine learning approach for discovering the dependency of network requests. These request-level dependence relations are used to detect stealthy malware activities. Malicious requests are identified due to the lack of dependency with legitimate triggers. Our prototype is evaluated on 14GB network traffic data and system logs collected from an Android tablet. Experimental results show that our solution achieves a high accuracy (99.1%) in detecting malicious requests sent from new malicious apps.

Citation Key: zhang_causality-based_2016