Detecting Repackaged Android Malware Based on Mobile Edge Computing

• Published in: 2018 Sixth International Conference on Advanced Cloud and Big Data (CBD) pp. 360 - 365
• Main Authors: He, Gaofeng, Zhang, Lu, Xu, Bingfeng, Zhu, Haiting
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.08.2018
• Subjects: Android; Edge computing; Feature extraction; Google; Malware; mobile app; mobile edge computing; network traffic similarity; repackaged malware; Servers; Smart phones
• DOI: 10.1109/CBD.2018.00071

The repackaged malware has become one of the most serious problems on Android platform nowadays. To detect repackaged Android malware, recent research has produced extensive approaches and tools, and most of them are done by comparing repackaged apps with the original ones. However, how to choose original apps is a non-trivial challenge. One possible way is to treat all apps in the official Android market as original apps, while in this way the pairwise comparison is inefficient and time-consuming. In this paper, we propose a novel method to detect repackaged Android malware based on Mobile Edge Computing (MEC). Our main observation is that MEC servers can collect network traffic traces generated by both original and repackaged apps in large degrees, thus we can directly analyze these traffic traces to detect repackaged malware. To be specific, plaintext contents and flow statistical features are extracted from network traffic to calculate similarities between apps. After that, the similarity values are clustered to separate original apps and repackaged malware automatically. We ran a thorough set of experiments to assess the performance of the proposed method. The experimental results show that the proposed method can detect repackaged Android malware at high speed and with high precision.