
Analysis of Malware Application Based on Massive Network Traffic (Cited by: 4)

Abstract: Security and privacy issues are magnified by the velocity, volume, and variety of big data. Users' privacy is an even more sensitive topic that attracts most people's attention. While XcodeGhost, an iOS malware that emerged in late 2015, led to the privacy leakage of a large number of users, only a few studies have examined XcodeGhost, and those were based on its source code. In this paper we describe observations made by monitoring the network activities of more than 2.59 million iPhone users in a provincial area across 232 days. Our analysis reveals a number of interesting points. For example, we propose a decay model for the prevalence rate of XcodeGhost and find that the ratio of infected devices is more than 60%; that many popular applications, such as WeChat, Railway 12306, Didi Taxi and Youku Video, are also infected; and that the duration and the traffic volume of most XcodeGhost-related HTTP requests are similar to those of ordinary HTTP requests, which makes them difficult to detect. In addition, we propose a heuristic model based on a fingerprint and its web knowledge to identify the infected applications. The identification results show the efficiency of this model.
Source: China Communications (SCIE, CSCD), 2016, No. 8, pp. 209-221 (13 pages)
Funding: supported by the 111 Project of China under Grant No. B08004
Keywords: XcodeGhost; big data; network security; applications identification