Welcome to the web page of our research project: "CRII: SaTC: Towards Non-Intrusive Detection of Resilient Mobile Malware and Botnet using Application Traffic Measurement". This website is created and maintained to disseminate and share research results and other information related to the project.

Project Description

The development of the mobile Internet economy has brought numerous benefits to people and society, with the promise of providing ubiquitous computing and communications. Mobile devices have penetrated almost every aspect of our lives and, as a result, are storing a large amount of personal data. Unfortunately, the promise of the mobile Internet is easily undermined by "smart" malware and botnets, creating a precarious situation in which sensitive data stored on mobile devices could be leaked to adversaries through the mobile Internet or a wealth of compromised mobile devices could launch a denial of service attack to destruct the mobile infrastructure. This project develops non-intrusive, network-based solutions to detect mobile malware and botnets and mitigate their impact to ensure that mobile communications are carried out in a trustworthy manner despite the potential security threats. The research offers valuable insights into mobile malware's spreading mechanisms and malicious intents and will inspire studies in network behavior analysis of mobile applications. The project also has an important educational impact via the creation of new mobile security course projects and modules, widening students' views of mobile system security, and guiding next-generation mobile developers to include security and privacy considerations in designing mobile protocols and apps.

This project addresses three closely intertwined research issues in developing a network-based mobile malware detection system. The first part focuses on investigating malware traffic collection by identifying malware's network-related application program interfaces (APIs) and designing novel inputs to activate the malware's covert network behaviors. The second part focuses on designing a network-based malware detection system that identifies potential malware features based on their malicious network behaviors, which in turn will provide precise and unique identification of mobile malware. The third part focuses on the development of group behavior based detection mechanisms to identify organized network activities from malicious botnets that are built on the cooperation of malware. A local testbed will be developed to evaluate the performance of the proposed techniques and system designs, which aims to guarantee that the technologies developed are suitable for deployment in real mobile systems. The project uses machine learning techniques, statistical tools, and network traffic analysis to support secure communications in mobile networks.

Personnel

Principal Investigators

Dr. Qiben Yan (Lead PI) Assitant Professor Department of Computer Science and Engineering Michigan State University Homepage: http://cse.msu.edu/~qyan/

Current Graduate Students

	Mohannad Alhanahnah Ph.D. student (August 2016 - Present) Department of Computer Science and Engineering University of Nebraska, Lincoln Email: mohannad@huskers.unl.edu
	Zhiqiang Li Ph.D. student (August 2016 - Present) Department of Computer Science and Engineering University of Nebraska, Lincoln Email: zli@cse.unl.edu
	Boyang Hu Ph.D. student (August 2017 - Present) Department of Computer Science and Engineering University of Nebraska, Lincoln Email: boyang.hu@huskers.unl.edu

Previous Graduate Students

Lichao Sun (August 2016 - May 2017) Master student Department of Computer Science and Engineering University of Nebraska, Lincoln Current Employment:  PhD Student, Computer Science Department, University of Illinois at Chicago Email: lsun29@uic.edu

Publications

1. Deep and Broad URL Feature Mining for Android Malware Detection
   Shanshan Wang, Zhenxiang Chen, Qiben Yan, Ke Ji, Lizhi Peng, Bo Yang, Mauro Conti
   Information Sciences, Nov. 2019. [BibTex]
2. Demystifying Application Performance Management Libraries for Android
   Yutian Tang, Zhan Xian, Hao Zhou, Xiapu Luo, Zhou Xu, Yajin Zhou, and Qiben Yan
   IEEE/ACM International Conference on Automated Software Engineering (ASE 2019) , San Diego, CA, USA, November 11-15, 2019. [BibTex]
3. Obfusifier: Obfuscation-resistant Android Malware Detection System
   Zhiqiang Li, Jun Sun, Qiben Yan, Witawas Srisa-An, and Yutaka Tsutano
   15th International Conference on Security and Privacy in Communication Networks (SecureComm 2019) , Orlando, FL, USA, October 23-25, 2019. [BibTex]
4. Characterizing Location-based Mobile Tracking in Mobile Ad Networks
   B. Hu, Q. Lin, Y. Zheng, Q. Yan, M. Troglia, and Q. Wang
   IEEE CNS 2019 , Washington D.C., USA, June 2019. [BibTex](Acceptance ratio: 32/115=27.8%)
5. DART: Detecting Unseen Malware Variants Using Adaptation Regularization Transfer Learning
   H. Li, Z. Chen, R. Spolaor, Q. Yan, C. Zhao, L. Peng, and B. Yang
   IEEE ICC 2019 , Shanghai, China, May 2019. [BibTex]
6. Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code
   M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo
   IEEE INFOCOM 2019 , Paris, France, April 2019. [BibTex](Acceptance ratio: 19.7%)
7. Significant Permission Identification for Machine Learning Based Android Malware Detection
   Lichao Sun, Jin Li, Qiben Yan, Zhiqiang Li, Witty Srisa-an, Heng Ye
   IEEE Transactions on Industrial Informatics, Vol: 14, No: 7, January 2018. [BibTex]
8. Detecting Android Malware Leveraging Text Semantics of Network Flows
   Shanshan Wang, Qiben Yan, Zhenxiang Chen, Bo Yang, Chuan Zhao, Mauro Conti
   IEEE Transactions on Information Forensics Security, Vol. 13, No. 5, May, 2018. [BibTex]
   
9. Machine Learning Based Mobile Malware Detection Using Highly Imbalanced Network Traffic
   Zhenxiang Chen, Qiben Yan, Hongbo Han, Shanshan Wang, Lizhi Peng, Lin Wang, Bo Yang
   Information Sciences, Vol. 433–434, April 2018, Pages 346-364. [BibTex]
   
10. Deep and Broad Learning based Detection of Android Malware via Network Traffic
    Shanshan Wang, Zhenxiang Chen, Qiben Yan, Ke Ji, Lin Wang, Bo Yang, and Mauro Conti
    IEEE/ACM IWQoS 2018 Short Paper, Banff, Alberta, Canada, June 2018. [BibTex]
    
11. GranDroid: Graph-based Detection of Malicious Network Behaviors in Android Applications
    Zhiqiang Li, Jun Sun, Qiben Yan, Witty Srisa-an, and Shakthi Bachala
    SecureComm 2018, Singapore, Singapore, Aug. 2018. [BibTex]
    
12. Lexical Mining of Malicious URLs for Classifying Android malware
    Shanshan Wang, Qiben Yan, Zhenxiang Chen, Lin Wang, Riccardo Spolaor, Bo Yang, and Mauro Conti
    SecureComm 2018, Singapore, Singapore, Aug. 2018. [BibTex]
    
13. Efficient Signature Generation for Classifying Cross-Architecture IoT Malware
    Mohannad Alhanahnah, Qicheng Lin, Qiben Yan, Ning Zhang, and Zhenxiang Chen
    IEEE Conference on Communications and Network Security (IEEE CNS) 2018, Beijing, China, May, 2018. [BibTex]
    
14. TextDroid: Semantics-based Detection of Mobile Malware Using Network Flows
    Shanshan Wang, Qiben Yan, Zhenxiang Chen, Bo Yang, Chuan Zhao, and Mauro Conti
    IEEE INFOCOM 2017 Workshop: MobiSec 2017, Atlanta, GA, USA, May, 2017. [BibTex]
    
15. SigPID: Significant Permission Identification for Android Malware Detection
    Lichao Sun, Zhiqiang Li, Qiben Yan, Witty Srisa-An and Yu Pan
    The 11th International Conference on Malicious and Unwanted Software (MALWARE 2016), Puerto Rico, USA, October, 2016.
    
16. DroidClassifier: Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware
    Zhiqiang Li, Lichao Sun, Qiben Yan, Witty Srisa-An and Zhenxiang Chen
    SECURECOMM 2016, Guangzhou, China, October, 2016.
    

Disclaimer: The papers here are made available for timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders.

Curriculum Development and Outreach

• University of Nebraska, Lincoln: CSCE 990: Mobile and Wireless Security (covers mobile malware analysis, and mobile system security);
• Michigan State University: CSE 824: Advanced Computer Networks and Communications (covers high-speed wide area networks, local area networks, wireless and mobile computing networks, optical networks, and multimedia networking).

Note: Any opinions, findings and conclusions or recommendations expressed on this web page are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).