CRII: SaTC: Towards Non-Intrusive Detection of Resilient Mobile Malware and Botnet using Application Traffic Measurement

Project Details

Lead PI

Performance Period

Aug 01, 2016 - Jul 31, 2018


University of Nebraska-Lincoln

Award Number

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Mobile devices have penetrated almost every aspect of our lives and, as a result, store a large amount of personal data. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet, or a large number of compromised mobile devices could launch a denial-of-service attack to take down the mobile infrastructure. This project develops non-intrusive, network-based solutions to detect mobile malware and botnets and mitigate their impact, so that mobile communications are carried out in a trustworthy manner despite the potential security threats. The research offers valuable insights into mobile malware's spreading mechanisms and malicious intent and will inspire studies in network behavior analysis of mobile applications. The project also has an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps.

This project addresses three closely intertwined research issues in developing a network-based mobile malware detection system. The first part focuses on investigating malware traffic collection by identifying malware's network-related application program interfaces (APIs) and designing novel inputs to activate the malware's covert network behaviors. The second part focuses on designing a network-based malware detection system that identifies potential malware features based on their malicious network behaviors, which in turn will provide precise and unique identification of mobile malware. The third part focuses on the development of group-behavior-based detection mechanisms to identify organized network activities from malicious botnets that are built on the cooperation of malware. A local testbed will be developed to evaluate the performance of the proposed techniques and system designs, with the aim of guaranteeing that the technologies developed are suitable for deployment in real mobile systems. The project uses machine learning techniques, statistical tools, and network traffic analysis to support secure communications in mobile networks.