CRII: SaTC: Towards Non-Intrusive Detection of Resilient Mobile Malware and Botnet using Application Traffic Measurement

CRII：SaTC：使用应用程序流量测量对弹性移动恶意软件和僵尸网络进行非侵入式检测

• 批准号: 1566388
• 负责人: Qiben Yan
• 金额: $ 17.47万
• 依托单位: University of Nebraska-Lincoln
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-08-01 至 2019-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1566388&HistoricalAwards=false
• 关键词: CRII; SaTC; Towards; Non; Intrusive

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Mobile devices have penetrated almost every aspect of our lives and, as a result, are storing a large amount of personal data. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet or a wealth of compromised mobile devices could launch a denial of service attack to destruct the mobile infrastructure. This project develops non-intrusive, network-based solutions to detect mobile malware and botnets and mitigate their impact to ensure that mobile communications are carried out in a trustworthy manner despite the potential security threats. The research offers valuable insights into mobile malware's spreading mechanisms and malicious intents and will inspire studies in network behavior analysis of mobile applications. The project also has an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps. This project addresses three closely intertwined research issues in developing a network-based mobile malware detection system. The first part focuses on investigating malware traffic collection by identifying malware's network-related application program interfaces (APIs) and designing novel inputs to activate the malware's covert network behaviors. The second part focuses on designing a network-based malware detection system that identifies potential malware features based on their malicious network behaviors, which in turn will provide precise and unique identification of mobile malware. The third part focuses on the development of group behavior based detection mechanisms to identify organized network activities from malicious botnets that are built on the cooperation of malware. A local testbed will be developed to evaluate the performance of the proposed techniques and system designs, which aims to guarantee that the technologies developed are suitable for deployment in real mobile systems. The project uses machine learning techniques, statistical tools, and network traffic analysis to support secure communications in mobile networks.

移动的互联网经济的发展给人们和社会带来了许多好处，并有望提供无处不在的计算和通信。移动的设备已经渗透到我们生活的几乎每一个方面，因此，正在存储大量的个人数据。不幸的是，移动的互联网的前景很容易被“智能”恶意软件和僵尸网络破坏，从而造成不稳定的局面，其中存储在移动的设备上的敏感数据可能通过移动的互联网泄露给对手，或者大量受损的移动的设备可能发起拒绝服务攻击以破坏移动的基础设施。该项目开发非侵入性的基于网络的解决方案，以检测移动的恶意软件和僵尸网络，并减轻其影响，以确保移动的通信以值得信赖的方式进行，尽管存在潜在的安全威胁。该研究为移动的恶意软件的传播机制和恶意意图提供了有价值的见解，并将启发移动的应用程序的网络行为分析的研究。该项目还通过创建新的移动的安全课程项目和模块，拓宽学生对移动的系统安全的看法，并指导下一代移动的开发人员在设计移动的协议和应用程序时考虑安全和隐私因素，从而产生重要的教育影响。 这个项目解决了三个密切相关的研究问题，在开发一个基于网络的移动的恶意软件检测系统。第一部分的重点是调查恶意软件流量收集识别恶意软件的网络相关的应用程序接口（API）和设计新颖的输入激活恶意软件的隐蔽的网络行为。第二部分重点设计了一个基于网络的恶意软件检测系统，该系统根据恶意软件的网络行为识别潜在的恶意软件特征，从而提供精确和唯一的移动的恶意软件识别。第三部分着重于开发基于群体行为的检测机制，以识别建立在恶意软件合作基础上的恶意僵尸网络中有组织的网络活动。将开发一个本地测试平台来评估所提出的技术和系统设计的性能，其目的是保证所开发的技术适合于部署在真实的移动的系统中。该项目使用机器学习技术、统计工具和网络流量分析来支持移动的网络中的安全通信。