With the rapid development of the mobile Internet,more and more people are using smart phones to access the Internet, especially Android devices, which have become the most popular devices of the moment. Although today's mobile operating systems do their best to provide users with a secure Internet environment, due to the open source nature of Android, it is still unable to completely stop the outbreak of Android malware. Although existing source-based static detection and behavior-based dynamic detection can identify mobile malware, many problems still exist,such as low detection efficiency and difficulty in deployment. In order to solve these problems, we propose DroidDetector, a detection engine that can automatically detect whether an app is a malware or not by using off-line trained machine learning models for network traffic analysis. DroidDetector uses the VPNService class provided by the Android SDK to intercept network traffic (it does not require root permission). All data analysis are performed on the server,which consumes minimun cache and resource on mobile devices. We extract the length of the first 8 packets of network traffic as features and use Support Vector Machine(SVM) classification algorithm to train the model. In an evaluation experiment of 53107 TCP packet length feature tuples samples, DroidDetector can achieve 95. 68% detection confidence.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.