
AMDetector: Detecting Large-Scale and Novel Android Malware Traffic

EasyChair Preprint 8061

14 pages. Date: May 24, 2022

Abstract

In the severe COVID-19 environment, encrypted mobile malware is increasingly threatening personal privacy, especially malware targeting the Android platform. Existing methods mainly focus on extracting features from Android Malware (DroidMal) by reversing the binary samples, which is sensitive to a reduction in the available samples. Thus, they fail to handle the insufficiency of novel DroidMal samples. Therefore, it is necessary to investigate an effective solution that classifies large-scale DroidMal and also detects novel DroidMal. We treat few-shot DroidMal detection as a DroidMal encrypted network traffic classification problem and propose an image-based method with meta-learning, namely AMDetector, to address these issues. Capturing the network traffic produced by DroidMal augments the samples so that they suit the learning algorithms. First, DroidMal encrypted traffic is converted to session images. Then, session images are embedded into a high-dimensional metric space, in which traffic samples can be linearly separated by computing the distance to the corresponding prototype. Large-scale and novel DroidMal traffic is classified by applying different meta-learning strategies. Experimental results on public datasets demonstrate the capability of our method to classify large-scale known DroidMal traffic as well as to detect novel DroidMal traffic. Encouragingly, our model achieves superior performance on known and novel DroidMal traffic classification compared with state-of-the-art methods. Moreover, AMDetector is able to classify unseen cross-platform malware.

Keyphrases: Android Malware Detection, Network Security, malware detection, meta-learning, privacy security, traffic classification

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:8061,
  author    = {Li Wenhao and Huaifeng Bao and Xiao-Yu Zhang and Lin Li},
  title     = {AMDetector: Detecting Large-Scale and Novel Android Malware Traffic},
  howpublished = {EasyChair Preprint 8061},
  year      = {EasyChair, 2022}}