CRII: SaTC: Towards Non-Intrusive Detection of Resilient Mobile Malware and Botnet using Application Traffic Measurement

CRII：SaTC：使用应用程序流量测量对弹性移动恶意软件和僵尸网络进行非侵入式检测

• 批准号: 1566388
• 负责人: Qiben Yan
• 金额: $ 17.47万
• 依托单位: University of Nebraska-Lincoln
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-08-01 至 2019-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1566388&HistoricalAwards=false
• 关键词: CRII; SaTC; Towards; Non; Intrusive

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Mobile devices have penetrated almost every aspect of our lives and, as a result, are storing a large amount of personal data. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet or a wealth of compromised mobile devices could launch a denial of service attack to destruct the mobile infrastructure. This project develops non-intrusive, network-based solutions to detect mobile malware and botnets and mitigate their impact to ensure that mobile communications are carried out in a trustworthy manner despite the potential security threats. The research offers valuable insights into mobile malware's spreading mechanisms and malicious intents and will inspire studies in network behavior analysis of mobile applications. The project also has an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps. This project addresses three closely intertwined research issues in developing a network-based mobile malware detection system. The first part focuses on investigating malware traffic collection by identifying malware's network-related application program interfaces (APIs) and designing novel inputs to activate the malware's covert network behaviors. The second part focuses on designing a network-based malware detection system that identifies potential malware features based on their malicious network behaviors, which in turn will provide precise and unique identification of mobile malware. The third part focuses on the development of group behavior based detection mechanisms to identify organized network activities from malicious botnets that are built on the cooperation of malware. A local testbed will be developed to evaluate the performance of the proposed techniques and system designs, which aims to guarantee that the technologies developed are suitable for deployment in real mobile systems. The project uses machine learning techniques, statistical tools, and network traffic analysis to support secure communications in mobile networks.

移动互联网经济的发展为人们和社会带来了许多好处，并希望提供无处不在的计算和通信。移动设备几乎渗透了我们生活的各个方面，因此，正在存储大量个人数据。不幸的是，移动互联网的承诺很容易被“智能”恶意软件和僵尸网络破坏，从而造成了一种不稳定的情况，在这种情况下，存储在移动设备上的敏感数据可能会通过移动互联网泄露为对手，或者大量受损的移动设备可能会引发拒绝服务攻击以破坏移动基础架构的拒绝。该项目开发了非侵入性的，基于网络的解决方案，以检测移动恶意软件和僵尸网络并减轻其影响，以确保尽管存在潜在的安全威胁，但仍以值得信赖的方式进行移动通信。该研究为移动恶意软件的传播机制和恶意意图提供了宝贵的见解，并将激发有关移动应用程序网络行为分析的研究。该项目还通过创建新的移动安全课程项目和模块，扩大学生对移动系统安全的看法以及指导下一代移动开发人员，在设计移动协议和应用程序中包括安全性和隐私注意事项，从而产生重要的教育影响。 该项目解决了开发基于网络的移动恶意软件检测系统的三个紧密相互交织的研究问题。第一部分专注于通过识别恶意软件的网络相关应用程序界面（API）并设计新颖的输入来激活恶意软件的秘密网络行为来研究恶意软件的收集。第二部分重点是设计基于网络的恶意软件检测系统，该系统基于其恶意网络行为来识别潜在的恶意软件功能，这又将提供移动恶意软件的精确而唯一的识别。第三部分侧重于基于群体行为的检测机制的发展，以从恶意僵尸网络中识别有组织的网络活动，这些僵尸网络是基于恶意软件的合作而建立的。将开发一个本地测试床，以评估所提出的技术和系统设计的性能，该技术旨在确保开发的技术适合在实际移动系统中部署。该项目使用机器学习技术，统计工具和网络流量分析来支持移动网络中的安全通信。