We propose AppFA, an Application Flow Analysis approach, to detect malicious Android applications (hereafter simply "apps") on the network. Unlike most existing work, AppFA does not need to install programs on mobile devices or modify the mobile operating system to extract detection features, and it can handle encrypted network traffic. Specifically, we propose a constrained clustering algorithm to classify apps' network traffic and use Kernel Principal Component Analysis to build their network behavior profiles. Peer group analysis is then applied to detect malicious apps by comparing each app's network behavior profile with its historical data and with the profiles of its selected peer group. These steps can be repeated every few minutes to meet the requirements of online detection. We have implemented AppFA and tested it on a public dataset. The experimental results show that AppFA clusters apps' network traffic efficiently and detects malicious Android apps with high accuracy and a low false-positive rate. We have also evaluated the computation time of AppFA.
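The peer group step above is the part a detection engineer can reproduce without the clustering and KPCA stages. The block below is an added illustration, not AppFA's code: each app gets a small per-window behavior profile (upload ratio, distinct hosts, flow count), and an app is flagged when its newest profile deviates from its own history or from the rest of its peer group by more than a robust z-score threshold. The peer groups, app names, window counters and the 5% scale floor are all assumptions of the example.

```python
"""Peer group analysis over per-app network behaviour profiles.

Added illustration, not AppFA's own code. Each app gets a small profile
vector per observation window; an app is flagged when its newest profile
deviates from its own history or from the rest of its peer group by more
than K robust standard deviations (scaled median absolute deviation).
"""
from statistics import median
from typing import Dict, List, Tuple

# Constructed per-window observations, one tuple per window:
# (bytes_out, bytes_in, distinct_hosts, flows). Values are invented for the
# example; a deployment would compute them from each app's clustered flows.
WINDOWS: Dict[str, List[Tuple[float, float, int, int]]] = {
    "news_a": [(120e3, 900e3, 6, 40), (110e3, 950e3, 5, 38), (130e3, 880e3, 6, 42)],
    "news_b": [(100e3, 800e3, 5, 35), (105e3, 820e3, 5, 36), (98e3, 790e3, 5, 33)],
    "news_c": [(140e3, 1.0e6, 7, 45), (135e3, 980e3, 7, 44), (150e3, 1.05e6, 8, 47)],
    # Newest window: a burst of outbound bytes to many new hosts, the
    # shape one would expect from data exfiltration.
    "news_x": [(115e3, 870e3, 6, 39), (118e3, 860e3, 6, 40), (2.4e6, 90e3, 61, 310)],
}
# Peer groups are an input here (e.g. app-store category); AppFA selects them
# from the behaviour profiles instead.
PEER_GROUPS: Dict[str, List[str]] = {"news": ["news_a", "news_b", "news_c", "news_x"]}
K = 3.5  # robust z-score cut-off, a common outlier threshold


def profile(obs: Tuple[float, float, int, int]) -> Dict[str, float]:
    """Turn one window's raw counters into a behaviour profile."""
    out, inbound, hosts, flows = obs
    return {
        "upload_ratio": out / (out + inbound),  # share of bytes leaving the device
        "hosts": float(hosts),                  # distinct servers contacted
        "flows": float(flows),                  # number of flows in the window
    }


def robust_z(value: float, samples: List[float]) -> float:
    """Distance of value from the samples' median, in MAD-scaled units.

    The scale is floored at 5% of the median so that a feature with almost
    no spread in the reference set does not flag trivially small changes.
    """
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    scale = max(1.4826 * mad, 0.05 * abs(med), 1e-9)  # 1.4826 makes MAD ~ sigma for normal data
    return abs(value - med) / scale


def peers_of(app: str) -> List[str]:
    """Other members of the peer group that contains app."""
    for members in PEER_GROUPS.values():
        if app in members:
            return [m for m in members if m != app]
    return []


def analyse(app: str, k: float = K) -> Dict[str, object]:
    """Compare the app's newest profile with its history and with its peers."""
    current = profile(WINDOWS[app][-1])
    history = [profile(o) for o in WINDOWS[app][:-1]]
    peers = [profile(WINDOWS[p][-1]) for p in peers_of(app)]
    reasons: List[str] = []
    for feat, value in current.items():
        if history and robust_z(value, [h[feat] for h in history]) > k:
            reasons.append(f"{feat}: deviates from own history")
        # At least two peers are needed for a meaningful median/MAD.
        if len(peers) >= 2 and robust_z(value, [p[feat] for p in peers]) > k:
            reasons.append(f"{feat}: deviates from peer group")
    return {"app": app, "flagged": bool(reasons), "reasons": reasons}


def flagged_apps() -> List[str]:
    """Names of all apps whose newest window is anomalous."""
    return [app for app in WINDOWS if analyse(app)["flagged"]]


if __name__ == "__main__":
    for name in WINDOWS:
        print(analyse(name))
```

Only `news_x` is flagged, on all three features and against both references; the three benign apps stay under the threshold even though their absolute byte counts differ, because the comparison is robust to the group's own spread. Using medians and MAD rather than mean and standard deviation matters here: a single compromised app in a small peer group would otherwise inflate the group's variance and mask itself.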
Cyber-physical systems (CPSs) are becoming the infrastructure of society. Unfortunately, CPSs are vulnerable to cyberattacks, which may cause environmental pollution, property losses, and even casualties. Furthermore, in contrast to the conventional Internet, the devices in CPSs are more specialized, and their software may never be upgraded or extended with new programs during their life spans. Selecting the best defense nodes for defeating cyberattacks is therefore quite challenging in CPSs. To address this issue, several attack-defense modeling methods have been proposed; however, few existing studies consider the defense cost, which is usually decisive in practice. In this paper, we propose a method for choosing optimal defense nodes that (1) defeat specific attacks and (2) are inexpensive. First, the atom attack defense tree (A2DTree) is proposed by adding constraints to the conventional attack defense tree (ADTree). Second, an algebraic method is used to efficiently calculate the minimum defense cost. On this basis, a minimum defense cost calculation tool is designed and implemented. Finally, the effectiveness of the proposed method is verified with two typical case studies, and a comparative experiment against related work is carried out. The results show that the method can correctly and efficiently identify the optimal defense nodes and calculate the minimum defense cost of a CPS.
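To make the "minimum defense cost" computation concrete, the block below is an added example and not the paper's A2DTree tool; it applies the standard bottom-up attribute evaluation of a conventional ADTree to a minimum-cost-for-the-defender domain, without the extra constraints A2DTree adds. The water-treatment attack tree, its node names and the countermeasure costs are constructed for the illustration. A second function replays the chosen countermeasures against the tree independently, so the result can be checked rather than trusted.

```python
"""Minimum defense cost on an attack-defense tree (ADTree).

Added illustration, not the paper's A2DTree tool. It applies the standard
bottom-up attribute evaluation of ADTrees to a "minimum cost for the
defender" domain: an OR attack node is defeated only if every child is
defeated (costs add), an AND attack node is defeated as soon as one child
is (take the cheapest), and a countermeasure attached to a node replaces
the subtree cost when it is cheaper. The tree below is constructed for a
water-treatment CPS; node names and costs are invented.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple

INF = float("inf")  # cost of defeating an attack that has no countermeasure


@dataclass
class Node:
    name: str
    op: str = "LEAF"                                 # "AND", "OR" or "LEAF" (atomic attack)
    children: List["Node"] = field(default_factory=list)
    defense: Optional[Tuple[str, float]] = None      # (countermeasure, cost) or None


# Constructed example: the attacker wants to tamper with chemical dosing.
TREE = Node("Tamper with chemical dosing", "OR", [
    Node("Compromise the HMI", "AND", [
        Node("Phish operator credentials", defense=("Phishing-resistant MFA", 8)),
        Node("Reach the HMI from the IT network", defense=("IT/OT segmentation", 15)),
    ]),
    Node("Spoof sensor readings", "OR", [
        Node("Inject Modbus writes from an OT host", defense=("PLC write allowlist", 5)),
        Node("Open the sensor cabinet", defense=("Cabinet lock and tamper alarm", 3)),
    ]),
    # No leaf-level countermeasure, but the whole branch can be countered.
    Node("Exploit the VPN gateway", defense=("Gateway patch and virtual patch rule", 4)),
])


def min_defense_cost(node: Node) -> Tuple[float, FrozenSet[str]]:
    """Cheapest set of countermeasures that makes the attack at node fail."""
    if node.op == "LEAF":
        sub: Tuple[float, FrozenSet[str]] = (INF, frozenset())
    elif node.op == "AND":
        if not node.children:
            raise ValueError(f"AND node {node.name!r} has no children")
        # Removing any single conjunct breaks the attack: pick the cheapest.
        sub = min((min_defense_cost(c) for c in node.children), key=lambda r: r[0])
    elif node.op == "OR":
        # Every alternative must be closed, so costs and chosen sets add up.
        cost, chosen = 0.0, frozenset()
        for child in node.children:
            child_cost, child_set = min_defense_cost(child)
            cost += child_cost
            chosen = chosen | child_set
        sub = (cost, chosen)
    else:
        raise ValueError(f"unknown operator {node.op!r}")
    if node.defense is not None and node.defense[1] < sub[0]:
        return (float(node.defense[1]), frozenset({node.defense[0]}))
    return sub


def attack_succeeds(node: Node, deployed: FrozenSet[str]) -> bool:
    """Independent check: does the attack still succeed with these countermeasures?"""
    if node.defense is not None and node.defense[0] in deployed:
        return False
    if node.op == "LEAF":
        return True
    results = [attack_succeeds(c, deployed) for c in node.children]
    return all(results) if node.op == "AND" else any(results)


if __name__ == "__main__":
    cost, chosen = min_defense_cost(TREE)
    print(f"minimum defense cost: {cost}")
    for name in sorted(chosen):
        print("  deploy:", name)
    print("attack still succeeds:", attack_succeeds(TREE, chosen))
```

For this tree the cheapest complete defense costs 20: MFA alone closes the AND branch (segmentation at 15 is unnecessary), both sensor-spoofing alternatives must be closed, and the VPN branch is covered by its node-level countermeasure. The replay confirms the attack fails with that set and succeeds again if any one countermeasure is dropped, which is exactly the minimality property a practitioner wants before presenting a defense budget.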
Mobile application (simply "app") identification at per-flow granularity is vital for traffic engineering, network management, and security practices. However, the growing fraction of encrypted traffic, such as Hypertext Transfer Protocol Secure (HTTPS), makes this identification uncertain. To address this challenge, we carefully analyzed mobile app traffic (mainly Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), and encrypted traffic such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS)) and observed that (1) the sets of server hostnames queried by different apps are distinguishable; (2) mobile apps may query multiple server hostnames simultaneously, that is, an app may send several DNS lookups within a short time interval; and (3) an encrypted flow may be similar to other network flows generated by the same app. Based on these three observations, in this article we propose a novel app identification methodology for encrypted network flows. Specifically, temporal, lexical, and metadata similarity are used to select correlated traffic, and information retrieval techniques are adopted to identify apps. We ran a thorough set of experiments to assess the performance of the proposed approaches. The experimental results show that the identification accuracy can be as high as 95%, and that the proposed methods have low storage requirements and fast training speeds.
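The three observations translate into a small pipeline that is worth seeing end to end. The block below is an added example, not the article's code: an encrypted flow's destination IP is matched to the most recent DNS answer from the same device, the hostnames that device queried in the same short burst are collected (the temporal correlation of observation 2), and that hostname set is scored against per-app hostname profiles with TF-IDF weights and cosine similarity (observation 1 plus information retrieval). The app profiles, DNS log lines, window sizes and the smoothed IDF formula are all assumptions of the example.

```python
"""App identification for an encrypted flow from correlated DNS lookups.

Added illustration, not the article's own code. It combines the three
observations above: the destination IP of the encrypted flow is matched to
the most recent DNS answer on the same device (metadata link), the
hostnames that device queried within a short burst around that lookup are
collected (temporal correlation), and the resulting hostname set is scored
against per-app hostname profiles with TF-IDF weighting and cosine
similarity (information retrieval). All data below is constructed.
"""
import math
from collections import Counter
from typing import Dict, List, Tuple

# Training profiles: hostnames seen in each app's labelled DNS traffic.
APP_HOSTNAMES: Dict[str, List[str]] = {
    "weatherapp": ["api.weather.example", "cdn.weather.example",
                   "ads.adnet.example", "metrics.analytics.example"],
    "chatapp": ["chat.example", "media.chat.example",
                "push.vendor.example", "metrics.analytics.example"],
    "newsapp": ["news.example", "img.news.example",
                "ads.adnet.example", "push.vendor.example"],
}

# Constructed DNS log: "<timestamp> <device> <queried name> <answer IP>".
DNS_LOG_LINES = [
    "1000.0 dev1 api.weather.example 203.0.113.10",
    "1000.2 dev1 cdn.weather.example 203.0.113.11",
    "1000.3 dev1 ads.adnet.example 203.0.113.50",
    "1030.0 dev1 chat.example 198.51.100.5",
    "1030.1 dev1 push.vendor.example 198.51.100.9",
]
LOOKUP_WINDOW = 60.0  # max age (s) of a DNS answer accepted for a flow's destination
BURST_WINDOW = 1.0    # lookups within this many seconds of the anchor are correlated

DnsRecord = Tuple[float, str, str, str]  # (ts, device, qname, answer_ip)


def parse_dns(lines: List[str]) -> List[DnsRecord]:
    out = []
    for line in lines:
        ts, device, qname, ip = line.split()
        out.append((float(ts), device, qname.lower().rstrip("."), ip))
    return out


def cosine(a: Dict[str, float], b: Dict[str, float]) -> float:
    dot = sum(w * b.get(h, 0.0) for h, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class AppIndex:
    """TF-IDF vectors of hostname profiles, one per app."""

    def __init__(self, app_hostnames: Dict[str, List[str]]):
        self.n = len(app_hostnames)
        df = Counter(h for hosts in app_hostnames.values() for h in set(hosts))
        # Smoothed IDF: names unique to one app weigh most; shared CDN, ad and
        # analytics names weigh least but still count.
        self.idf = {h: math.log(self.n / c) + 1.0 for h, c in df.items()}
        self.vectors = {app: self.vectorize(hosts) for app, hosts in app_hostnames.items()}

    def vectorize(self, hostnames: List[str]) -> Dict[str, float]:
        unseen = math.log(self.n) + 1.0  # a never-trained name only dilutes the query
        return {h: c * self.idf.get(h, unseen) for h, c in Counter(hostnames).items()}

    def rank(self, hostnames: List[str]) -> List[Tuple[str, float]]:
        q = self.vectorize(hostnames)
        scored = [(app, cosine(q, v)) for app, v in self.vectors.items()]
        return sorted(scored, key=lambda r: (-r[1], r[0]))


def correlated_hostnames(dns: List[DnsRecord], device: str,
                         flow_ts: float, dst_ip: str) -> List[str]:
    """Hostnames the device queried in the same burst as the lookup that resolved dst_ip."""
    anchors = [r for r in dns if r[1] == device and r[3] == dst_ip
               and flow_ts - LOOKUP_WINDOW <= r[0] <= flow_ts]
    if not anchors:
        return []  # no usable answer: cached beyond the window, DoH/DoT, or hard-coded IP
    anchor_ts = max(a[0] for a in anchors)
    return [r[2] for r in dns if r[1] == device and abs(r[0] - anchor_ts) <= BURST_WINDOW]


def identify(index: "AppIndex", dns: List[DnsRecord], device: str,
             flow_ts: float, dst_ip: str) -> List[Tuple[str, float]]:
    """Ranked (app, score) candidates for one encrypted flow; empty if nothing correlates."""
    names = correlated_hostnames(dns, device, flow_ts, dst_ip)
    return index.rank(names) if names else []


INDEX = AppIndex(APP_HOSTNAMES)
DNS = parse_dns(DNS_LOG_LINES)

if __name__ == "__main__":
    # A TLS flow from dev1 at t=1000.9 to 203.0.113.11 with no usable SNI.
    print(identify(INDEX, DNS, "dev1", 1000.9, "203.0.113.11"))
```

The flow to 203.0.113.11 correlates with three lookups and ranks `weatherapp` first with a cosine score above 0.9; `newsapp` gets a small score from the shared ad hostname and `chatapp` none. Two failure modes are handled explicitly and are the ones that hurt in practice: a destination whose DNS answer is older than the lookup window (or was never seen, as with DNS over HTTPS or a hard-coded IP) yields no candidates rather than a confident wrong answer, and hostnames shared by many apps are down-weighted so that third-party CDNs and analytics endpoints do not dominate the match.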