Security and privacy issues are magnified by the velocity, volume, and variety of big data. Users' privacy is an even more sensitive topic, attracting most people's attention. While XcodeGhost, an iOS malware that emerged in late 2015, led to privacy leakage for a large number of users, only a few studies have examined XcodeGhost based on its source code. In this paper we describe observations made by monitoring the network activities of more than 2.59 million iPhone users in a provincial area across 232 days. Our analysis reveals a number of interesting points. For example, we propose a decay model for the prevalence rate of XcodeGhost, and we find that the ratio of infected devices is more than 60%; that many popular applications, such as WeChat, Railway 12306, Didi Taxi, and Youku Video, are also infected; and that the duration and traffic volume of most XcodeGhost-related HTTP requests are similar to those of ordinary HTTP requests, which makes them difficult to detect. In addition, we propose a heuristic model based on fingerprints and their web knowledge to identify the infected applications. The identification results show the efficiency of this model.
Funding: Supported by the 111 Project of China under Grant No. B08004