Award Abstract # 1566388
CRII: SaTC: Towards Non-Intrusive Detection of Resilient Mobile Malware and Botnet using Application Traffic Measurement

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: BOARD OF REGENTS OF THE UNIVERSITY OF NEBRASKA
Initial Amendment Date: July 25, 2016
Latest Amendment Date: April 10, 2017
Award Number: 1566388
Award Instrument: Standard Grant
Program Manager: Nina Amla
namla@nsf.gov
(703)292-7991
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: August 1, 2016
End Date: July 31, 2019 (Estimated)
Total Intended Award Amount: $174,739.00
Total Awarded Amount to Date: $182,739.00
Funds Obligated to Date: FY 2016 = $174,739.00
FY 2017 = $8,000.00
History of Investigator:
  • Qiben Yan (Principal Investigator)
    qyan@msu.edu
Recipient Sponsored Research Office: University of Nebraska-Lincoln
2200 VINE ST # 830861
LINCOLN
NE  US  68503-2427
(402)472-3171
Sponsor Congressional District: 01
Primary Place of Performance: University of Nebraska-Lincoln
2200 Vine St, 151 Whittier
Lincoln
NE  US  68503-1435
Primary Place of Performance Congressional District: 01
Unique Entity Identifier (UEI): HTQ6K6NJFHA6
Parent UEI:
NSF Program(s): CRII CISE Research Initiation,
Special Projects - CNS
Primary Program Source: 01001617DB NSF RESEARCH & RELATED ACTIVIT
01001718DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 025Z, 8228, 9150, 9178, 9251
Program Element Code(s): 026Y00, 171400
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Mobile devices have penetrated almost every aspect of our lives and, as a result, are storing a large amount of personal data. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet or a wealth of compromised mobile devices could launch a denial-of-service attack to destroy the mobile infrastructure. This project develops non-intrusive, network-based solutions to detect mobile malware and botnets and mitigate their impact to ensure that mobile communications are carried out in a trustworthy manner despite the potential security threats. The research offers valuable insights into mobile malware's spreading mechanisms and malicious intents and will inspire studies in network behavior analysis of mobile applications. The project also has an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps.

This project addresses three closely intertwined research issues in developing a network-based mobile malware detection system. The first part focuses on investigating malware traffic collection by identifying malware's network-related application program interfaces (APIs) and designing novel inputs to activate the malware's covert network behaviors. The second part focuses on designing a network-based malware detection system that identifies potential malware features based on their malicious network behaviors, which in turn will provide precise and unique identification of mobile malware. The third part focuses on the development of group behavior based detection mechanisms to identify organized network activities from malicious botnets that are built on the cooperation of malware. A local testbed will be developed to evaluate the performance of the proposed techniques and system designs, which aims to guarantee that the technologies developed are suitable for deployment in real mobile systems. The project uses machine learning techniques, statistical tools, and network traffic analysis to support secure communications in mobile networks.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH


(Showing: 1 - 10 of 15)
Boyang Hu, Qicheng Lin, Yao Zheng, Qiben Yan, Matthew Troglia, and Qingyang Wang "Characterizing Location-based Mobile Tracking in Mobile Ad Networks" IEEE Conference on Communications and Network Security (CNS) 2019 , 2019
Hao Li, Zhenxiang Chen, Riccardo Spolaor, Qiben Yan, Chuan Zhao, Bo Yang "DART: Detecting Unseen Malware Variants Using Adaptation Regularization Transfer Learning" IEEE ICC 2019 , 2019
Lichao Sun, Jin Li, Qiben Yan, Zhiqiang Li, Witty Srisa-an, Heng Ye "Significant Permission Identification for Machine Learning Based Android Malware Detection" IEEE Transactions on Industrial Informatics , v.14 , 2018
Lichao Sun, Zhiqiang Li, Qiben Yan, Witawas Srisa-an, Yu Pan "SigPID: Significant Permission Identification for Android Malware Detection" The 11th International Conference on Malicious and Unwanted Software (MALWARE 2016) , 2016
Mohannad Alhanahnah, Qiben Yan, Hamid Bagheri, Hao Zhou, Yutaka Tsutano, Witty Srisa-an, and Xiapu Luo "Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code" IEEE INFOCOM 2019 , 2019
Mohannad Alhanahnah, Qicheng Lin, Qiben Yan, Ning Zhang, and Zhenxiang Chen "Efficient Signature Generation for Classifying Cross-Architecture IoT Malware" IEEE Conference on Communications and Network Security (IEEE CNS) 2018 , 2018
Shanshan Wang, Qiben Yan, Zhenxiang Chen, Bo Yang, Chuan Zhao, Mauro Conti "Detecting Android Malware Leveraging Text Semantics of Network Flows" IEEE Transactions on Information Forensics Security , v.13 , 2018
Shanshan Wang, Qiben Yan, Zhenxiang Chen, Bo Yang, Chuan Zhao, Mauro Conti "TextDroid: Semantics-based Detection of Mobile Malware Using Network Flows" IEEE INFOCOM 2017 Workshop: MobiSec 2017 , 2017
Shanshan Wang, Qiben Yan, Zhenxiang Chen, Lin Wang, Riccardo Spolaor, Bo Yang, and Mauro Conti "Lexical Mining of Malicious URLs for Classifying Android malware" SecureComm 2018 , 2018
Shanshan Wang, Zhenxiang Chen, Qiben Yan, Ke Ji, Lin Wang, Bo Yang, Mauro Conti "Deep and Broad Learning based Detection of Android Malware via Network Traffic" IEEE/ACM IWQoS 2018 Short Paper , 2018
Shanshan Wang, Zhenxiang Chen, Qiben Yan, Ke Ji, Lizhi Peng, Bo Yang, Mauro Conti "Deep and Broad URL Feature Mining for Android Malware Detection" Information Sciences , 2019 https://doi.org/10.1016/j.ins.2019.11.008

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet or a wealth of compromised mobile devices could launch a denial-of-service attack to destroy the mobile infrastructure. This project addresses the challenges of designing systems to detect mobile malware's malicious network and system behaviors. This project enables research to exploit the recent advances in program analysis, machine learning, malware analysis, and reverse engineering techniques to accurately and efficiently identify mobile malware. The outcomes of this research have advanced the state of the art of mobile malware analysis in the following aspects.

First, this research creates a behavioral monitoring framework to systematically activate mobile malware and study the network behaviors of mobile apps both from the system-level and network-level perspectives. The new framework and generated datasets could benefit the mobile security research community. Second, this research investigates the mobile malware's malicious network activities using data analytics, and proposes multiple efficient systems to detect mobile malware using novel machine learning methods including the recent applications of deep neural networks. Third, this research systematically studies the vulnerable interactive behaviors of mobile apps, and discovers new vulnerabilities in the apps and identifies their potential threats. Multiple detection systems are developed to address the challenge of detecting zero-day vulnerabilities, unseen malware variants, and obfuscated malware samples.  

The project makes an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps. This project has contributed to the education and training of graduate and undergraduate students. It provides opportunities for graduate students to participate in the research, and will encourage the students to pursue a future career in research and development in the field of cyber security.

 


Last Modified: 11/21/2019
Modified by: Qiben Yan
