Reconstruction of android applications’ network behavior based on application layer traffic

Abstract

In recent years, a dramatic change was bring to us with the rapid development of intelligent terminal technology and the popularity of mobile services. Android platforms alone have produced staggering revenues, which has attracted cybercriminals and increased malware in Android markets at an alarming rate. However, the mobile phone network traffic is used to analyze malicious software recently, but this method lack of a visual way to understand network behavior of malware as well as without integrity explanation. In this paper, we introduced a method that can reconstructed the Android applications’ network behavior based on application layer traffic. We reconstruct the application network behavior in two ways, namely, network behavior time sequence model and network connection behavior model, we can understand the network behavior of Android applications by the model we reconstructed, it provides the network interaction process integrity explanation and shows that malwares traffic include malicious traffic and normal traffic.