Title
A Lightweight Network-Based Android Malware Detection System
Abstract
Over the last years, mobile devices have become the target of thousands of malicious applications. Since then, several works have proposed and evaluated highly accurate machine-learning malware detection schemes. However, these schemes are rarely used in production, either because they are too resource-intensive to deploy on mobile devices or because of their high false alarm rates. This paper proposes a lightweight malware detection system based on network behavior analysis. Our system relies on lightweight machine-learning techniques to monitor the network behavior of suspicious applications. To evaluate our proposal, we construct a realistic and up-to-date network traffic dataset made of 359 goodware and malware applications. The evaluation results show that our proposal is able to detect new malware variants with accuracy near 90% and false-positive rates below 3% using only 14 features inferred directly from the TCP/IP packet header. In addition, when deployed on a Samsung Galaxy S9+, our technique consumes on average less than 5% of CPU, even at network peaks of 90 Mb/s.
Year
2020
Venue
2020 IFIP NETWORKING CONFERENCE AND WORKSHOPS (NETWORKING)
DocType
Conference
Citations
0
PageRank
0.34
References
0
Authors
4