DeviceWatch: Identifying Compromised Mobile Devices through Network Traffic Analysis and Graph Inference

11/27/2019
by Euijin Choo et al.

In this paper, we propose to identify compromised mobile devices from a network administrator's point of view. Intuitively, unwary users (and thus their devices) who download apps from untrustworthy markets are often lured into installing malicious apps through in-app advertisements or phishing. We therefore hypothesize that devices sharing a similar set of apps have a similar probability of being compromised, which yields an association between a device being compromised and the apps installed on it. Our goal is to leverage such associations to identify unknown compromised devices (i.e., devices that are likely compromised but currently carry no known malicious app) using the guilt-by-association principle. Admittedly, such associations can be quite weak, since it is often hard, if not impossible, for an app to automatically download and install other apps without explicit initiation by the user. We describe how we magnify these weak associations between devices and apps by carefully choosing parameters when applying graph-based inference. We empirically show the effectiveness of our approach through a comprehensive study of mobile network traffic provided by a major mobile service provider; concretely, we achieve an AUC (area under the ROC curve) of nearly 98%. Given the relatively weak nature of the association, we further conduct an in-depth analysis of the behavior of the graph-inference approach by comparing it to active DNS data. Moreover, we validate our results by showing that the detected compromised devices indeed exhibit undesirable behavior in terms of privacy leakage and the network infrastructure they access.
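The following is an added illustration of the guilt-by-association inference the abstract describes, written for this page and not the DeviceWatch authors' implementation. It builds a small device-app bipartite graph, pins a few known-malicious apps as seeds, propagates suspicion between devices and apps with a damping factor alpha (a hypothetical stand-in for the parameters the abstract says must be chosen carefully), ranks the devices that carry no known-malicious app, and scores the ranking by AUC. The device and app identifiers, the seed list, the propagation rule and the ground-truth labels are all constructed; the paper's actual inference algorithm, parameters and data are not reproduced here.

```python
"""Guilt-by-association scoring on a device-app bipartite graph.

Added illustration, not the DeviceWatch authors' code: a simple
iterative propagation of suspicion between devices and the apps they
were observed using. Device ids, app ids, the seed list and the
ground-truth labels are all constructed for this example.
"""
from collections import defaultdict

# Constructed sample: apps each device was seen talking to. In the paper
# this comes from attributing mobile network traffic to apps.
DEVICE_APPS = {
    "d1": {"appA", "appB", "mal1"},
    "d2": {"appA", "appC", "mal1"},
    "d3": {"appB", "appC", "appD"},
    "d4": {"appD", "appE"},
    "d5": {"appC", "appE", "mal2"},
    "d6": {"appA", "appE", "appF"},
}
# Apps already known to be malicious; they act as seeds for the inference.
KNOWN_MALICIOUS = {"mal1", "mal2"}


def build_graph(device_apps):
    """Return the reverse index app -> set of devices for the bipartite graph."""
    app_devices = defaultdict(set)
    for dev, apps in device_apps.items():
        for app in apps:
            app_devices[app].add(dev)
    return dict(app_devices)


def propagate(device_apps, known_malicious, alpha=0.5, iterations=20):
    """Push suspicion from seed apps to devices and back, `iterations` times.

    Each device's score is alpha times the mean score of its apps; each
    non-seed app's score is alpha times the mean score of its devices.
    Seeds stay pinned at 1.0. alpha (an assumed value) controls how far a
    weak association carries through the graph.
    Returns (device_scores, app_scores).
    """
    app_devices = build_graph(device_apps)
    app_score = {a: (1.0 if a in known_malicious else 0.0) for a in app_devices}
    dev_score = {d: 0.0 for d in device_apps}
    for _ in range(iterations):
        for d, apps in device_apps.items():
            dev_score[d] = alpha * sum(app_score[a] for a in apps) / len(apps)
        for a, devs in app_devices.items():
            if a in known_malicious:
                continue  # seeds are evidence, not hypotheses: keep them fixed
            app_score[a] = alpha * sum(dev_score[d] for d in devs) / len(devs)
    return dev_score, app_score


def rank_unknown(dev_score, device_apps, known_malicious):
    """Devices carrying no known-malicious app, most suspicious first.

    These are the "unknown compromised devices" the inference is meant to surface.
    """
    unknown = [d for d in dev_score if not (device_apps[d] & known_malicious)]
    return sorted(unknown, key=lambda d: dev_score[d], reverse=True)


def auc(scores, positives):
    """Area under the ROC curve via the rank (Mann-Whitney) statistic.

    Probability that a random positive outscores a random negative; ties count 0.5.
    """
    pos = [s for d, s in scores.items() if d in positives]
    neg = [s for d, s in scores.items() if d not in positives]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


if __name__ == "__main__":
    dev, _ = propagate(DEVICE_APPS, KNOWN_MALICIOUS)
    for d in sorted(dev, key=dev.get, reverse=True):
        print(f"{d}: {dev[d]:.4f}")
    print("unknown devices by suspicion:", rank_unknown(dev, DEVICE_APPS, KNOWN_MALICIOUS))
    # Constructed ground truth: d6 is compromised without a known-malicious app,
    # while d3 is clean but shares apps with three seed-bearing devices and so
    # outranks d6. That is the weak-association failure mode the abstract warns about.
    truth = {"d1", "d2", "d5", "d6"}
    print("AUC:", auc(dev, truth))
```

With these constructed inputs the three devices that carry a seed app score far above the rest, and among the remaining devices d3 ranks first purely because its apps are shared with seed-bearing devices. Raising alpha amplifies such second-hand associations; lowering it makes the ranking collapse toward "has a known-malicious app or not", which is the trade-off behind the parameter choice the abstract refers to.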

Related research

04/17/2018  Review of Mobile Apps Permissions and Associated Intrusive Privacy Threats
The age of technology has created a huge market for smartphones and Apps...

09/14/2021  The Impact of User Demographics and Task Types on Cross-App Mobile Search
Recent developments in the mobile app industry have resulted in various ...

10/06/2019  Large-scale Mobile App Identification Using Deep Learning
Many network services and tools (e.g. network monitors, malware-detectio...

02/03/2017  LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications
Mobile applications (apps) often transmit sensitive data through network...

06/18/2019  Generalizing Critical Path Analysis on Mobile Traffic
Critical Path Analysis (CPA) studies the delivery of webpages to identif...

11/01/2017  Killing Two Birds with One Stone: Malicious Domain Detection with High Accuracy and Coverage
Inference based techniques are one of the major approaches to analyze DN...

12/14/2020  Back in control – An extensible middle-box on your phone
The closed design of mobile devices – with the increased security and co...
