Android malware detection scheme based on level of SSL server certificate

Hiroya Kato, Shuichiro Haruta, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Detecting Android malware is imperative. As a promising Android malware detection scheme, we focus on the scheme that leverages the differences in traffic patterns between benign apps and malware. Those differences can be captured even if the packets are encrypted. However, since such features are purely statistics-based, they cannot identify whether each individual traffic flow is malicious. Thus, it is necessary to design a scheme that is applicable to encrypted traffic data and supports identification of malicious traffic. In this paper, we propose an Android malware detection scheme based on the level of the SSL server certificate. In many cases attackers tend to use an untrusted certificate to encrypt malicious payloads, because obtaining a trusted certificate requires passing a rigorous examination. Thus, we utilize SSL server certificate based features for detection, since the certificates used by malware tend to be untrusted. Furthermore, in order to obtain more exact features, we introduce weight values based on required permissions, because malware inevitably requires permissions related to its malicious actions. By computer simulation with a real dataset, we show that our scheme achieves an accuracy of 92.7%. The true positive rate and false positive rate are 5.6% higher and 3.3% lower than those of the previous scheme, respectively. Our scheme can cope with encrypted malicious payloads and with 89 malware samples that are not detected by the previous scheme.

Original language: English
Title of host publication: 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728109626
Publication status: Published - 2019 Dec
Event: 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Waikoloa, United States
Duration: 2019 Dec 9 to 2019 Dec 13

Publication series

Name: 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings

Conference

Conference: 2019 IEEE Global Communications Conference, GLOBECOM 2019
Country: United States
City: Waikoloa
Period: 19/12/9 to 19/12/13

Keywords

  • Android malware
  • Machine Learning
  • SSL

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Signal Processing
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Media Technology
  • Health Informatics


  • Cite this

    Kato, H., Haruta, S., & Sasase, I. (2019). Android malware detection scheme based on level of SSL server certificate. In 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings [9013483] (2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/GLOBECOM38437.2019.9013483