Encrypted Malware Traffic Detection Via Time-Frequency Domain Analysis

Encrypted Malware Traffic Detection Via Time-Frequency Domain Analysis

연구 분야: Safety

학회: International Conference on Algorithms and Architectures for Parallel Processing

Due to the free and open source nature of the Android operating system, the number of Android malware is growing exponentially, which poses a serious threat to the property and privacy of Android users. Existing machine learning methods suffer from complex feature engineering, high workload, and weak generalization ability. In this paper, we propose WT-NET, a machine-learning based approach for Android malware detection, which first characterizes Android application traffic as a grayscale graph and transforms the traffic detection problem into an image classification problem. For the grayscale map characterization results, we further extract the time-frequency features of the traffic grayscale map using wavelet transform and achieve effective Android malware detection by combining the time-domain features with the frequency-domain features. To demonstrate the validity of WT-NET, we conducted an experimental evaluation using the publicly available dataset CICAndMal2017. Experimental results show that the method exhibits good performance in terms of efficiency and accuracy. Specifically, it was able to achieve 97.66% accuracy in experiments on benign-malicious coarse-grained classification, and it was able to achieve 94.17% accuracy in experiments on fine-grained classification of 42 malware families. Moreover, compared to other methods, this method can achieve a high accuracy rate with fewer training rounds.