Seminar

Identification of Malicious Mobile Applications and Vulnerable Devices through Network Traffic Analysis

Dr. Euijin Choo (Qatar Computing Research Institute)

Abstract

With a rapid growth of mobile data traffic over the past decade, the mobile devices became an attractive target for attackers to exploit. Consequently, analyzing and identifying mobile applications has become an emerging task for network management and security practices. The objective of this research is to investigate and develop approaches to identify and characterize malicious mobile applications and devices through network traffic analysis. There has been a significant amount of research on traffic identification, which can be classified into two categories: protocol analysis based identification and deep packet inspection based identification. Traditional Protocol-based analysis approaches exploit the TCP port numbers to identify applications (e.g., HTTP protocol is used by web application) based on the fact that well-known destination ports are used for specific services. However, port-based analysis is not sufficient to analyze mobile communications, as most mobile applications rely on the HTTP protocol. Alternatively, research on identifying mobile applications has focused on Deep Packet Inspection (DPI) approaches that analyze packet payloads and/or HTTP packet header information. However, DPI analysis is no longer feasible due to the growing use of encrypted protocols such as HTTPS. In this research, we investigate on identifying new malicious mobile applications and vulnerable devices without prior knowledge. Towards achieving this goal, we investigate a 2-step approach where in the first step, we aim to differentiate and cluster different applications into similar application groups or types based on traffic features and similarities. In the second step, using the small set of ground truth labels, we aim to identify related-malicious applications and vulnerable devices. 

Bio

Dr. Euijin Choo received her B.S. and M.S. degrees in Computer Science and Engineering from Korea University (double majored in Mathematics for her bachelor) and her Ph.D. in Computer Science from North Carolina State University (NCSU), NC, USA. She is currently working for Qatar Computing Research Institute, Doha, Qatar.