A real-time android malware detection system based on network traffic analysis


Abstract

Mobile devices, such as mobile phones and tablets, are everywhere nowadays. Meanwhile, various kinds of malware on mobile terminals are emerging one after another, especially on the open-source Android system. Traditional detection schemes are based on static or dynamic methods. In recent years, industry and academia have paid close attention to detection mechanisms that use network behaviors to identify malware. In this paper, we design a real-time Android malware detection system based on network traffic analysis, which includes a training model and a real-time detection model. By training over the malware traffic using the training model, we find that 76.33% of DNS queries and 45.39% of HTTP requests are malicious. We set up a real-time scanning service based on the malicious URLs that are captured in the training model, which is the core of the real-time detection model. By performing malware detection using the established real-time detection model, we show that the detection rate using the real-time scanning service is much higher than that of the integrated service. Meanwhile, the detection rate will further improve by integrating more third-party scanning services into our system.

Cite

Han, H., Chen, Z., Yan, Q., Peng, L., & Zhang, L. (2015). A real-time android malware detection system based on network traffic analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9530, pp. 504–516). Springer Verlag. https://doi.org/10.1007/978-3-319-27137-8_37
