The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers

20th Annual Network and Distributed System Security Symposium, NDSS 2013

Volumn , Issue , 2013, Pages

  Lever, Charles ^a   Antonakakis, Manos ^b   Reaves, Brad ^a   Traynor, Patrick ^a   Lee, Wenke ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

^b Damballa   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET PROTOCOLS; MOBILE COMPUTING; MOBILE SECURITY;

CELLULARS; DNS TRAFFICS; IN-DEPTH ANALYSIS; INTERNET HOSTS; MALICIOUS TRAFFIC; MALWARE WRITERS; MALWARES; MOBILE APPLICATIONS; MOBILE MALWARE; RESEARCH COMMUNITIES;

MALWARE;

EID: 84951915648     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (48)

1. Admob. http://www.admob.com.
2. Heytell - instant voice messaging. http://heytell.com/front.html.
3. Android/DroidKungFu.A!tr. http://www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html, June 2011.
4. Android/FakeDoc.A!tr. http://www.fortiguard.com/av/VID3304615, Dec. 2011.
5. Android/Steek.A!tr. http://www.fortiguard.com/av/VID3458224, Jan. 2012.
6. Alexa. The web information company. http://www.alexa.com/, 2007.
7. M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster. Building a dynamic reputation system for DNS. In Proceedings of the 19th USENIX Security Symposium, 2010.
8. M. Antonakakis, R. Perdisci, W. Lee, N. Vasiloglou, and D. Dagon. Detecting malware domains at the upper DNS hierarchy. In Proceedings of the 20th USENIX Security Symposium, 2011.
9. BBC News. Malicious app penetrates iTunes store to test security. http://www.bbc.co.uk/news/technology-15635408, 2012.
10. L. Bilge, E. Kirder, C. Kruegel, and M. Balduzzi. Exposure: Finding malicious domains using passive DNS analysis. In Proceedings of the 18th Network and Distributed Systems Symposium, 2011.
11. Cathal Mullaney and Jeet Morparia. Android.Tonclank. http://www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99, June 2011.
12. E. Chin, A. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in Android. In Proceedings of International Conference on Mobile Systems, Applications, and Services, 2011.
13. D. Dagon, M. Antonakakis, P. Vixie, T. Jinmei, and W. Lee. Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries. In Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008.
14. W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, 2010.
15. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of Android application security. In Proceedings of the 20th USENIX Security Symposium, 2011.
16. W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the ACM Conference on Computer and Communications Security, 2009.
17. W. Enck, M. Ongtang, and P. McDaniel. Understanding Android security. IEEE Security and Privacy Magazine, 7(1):50-57, 2009.
18. J. Erman, A. Gerber, K. K. Ramadrishnan, S. Sen, and O. Spatscheck. Over the top video: the gorilla in cellular networks. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, IMC'11, page 127136, New York, NY, USA, 2011. ACM.
19. H. Falaki, D. Lymberopoulos, R. Mahajan, S. Kandula, and D. Estrin. A first look at traffic on smartphones. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, IMC'10, page 281287, New York, NY, USA, 2010. ACM.
20. A. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the ACM Conference on Computer and Communication Security, 2011.
21. A. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 2011.
22. A. Felt, K. Greenwood, and D. Wagner. The effectiveness of application permissions. In Proceedings of the USENIX Conference on Web Application Development, 2011.
23. A. Felt, H. Wang, A. Moschuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In Proceedings of the 20th USENIX Security Symposium, 2011.
24. A. Gember, A. Anand, and A. Akella. A comparative study of handheld and non-handheld traffic in campus Wi-Fi networks. In Proceedings of the 12th international conference on Passive and active measurement, PAM'11, page 173183, Berlin, Heidelberg, 2011. Springer-Verlag.
25. S. Hao, N. Feamster, and R. Pandrangi. An internet wide view into DNS lookup patterns. Technical report, Verisign Labs, 2010.
26. T. Holz, C. Gorecki, K. Rieck, and F. Freiling. Measuring and detecting fast-flux service networks. In Proceedings of Annual Network and Distributed Systems Security Symposium (NDSS), 2008.
27. J. Jung, E. Sit, H. Balakrishnan, and R. Morris. DNS performance and the effectiveness of caching. IEEE/ACM Transactions on Networking, 10(5):589-603, 2002.
28. M. Kassner. Google Play: Android's Bouncer can be pwned. http://www.techrepublic.com/blog/security/google-play-androids-bouncercan-be-pwned/8053, 2012.
29. C. Liu and P. Albitz. DNS and BIND. O'Reilly Media, 5th edition edition, 2006.
30. J. Ma, L. Saul, S. Savage, and G. Voelker. Beyond blacklists: Learning to detect malicious web sites from suspicious urls. In Proceedings of the SIGKDD Conference, 2009.
31. P. Mockapetris. Domain names - concepts and facilities. RFC 1034 (Standard), Nov. 1987. Updated by RFCs 1101, 1183, 1348, 1876, 1982, 2065, 2181, 2308, 2535, 4033, 4034, 4035, 4343, 4035, 4592, 5936.
32. P. Mockapetris. Domain names - implementation and specification. RFC 1035 (Standard), Nov. 1987. Updated by RFCs 1101, 1183, 1348, 1876, 1982, 1995, 1996, 2065, 2136, 2181, 2137, 2308, 2535, 2845, 3425, 3658, 4033, 4034, 4035, 4343, 5936, 5966.
33. Nino Fred Gutierrez. Android.Gonesixty. http://www.symantec.com/security_response/writeup.jsp?docid=2011-093001-2649-99, Sept. 2011.
34. Piotr Krysiuk. Android.Ggtracker. http://www.symantec.com/security_response/writeup.jsp?docid=2011-062208-5013-99, June 2011.
35. F. Ricciato. Unwanted traffic in 3g networks. ACM SIGCOMM Computer Communication Review, 36(2):53-56, 2006.
36. P. Royal. Analysis of the kraken botnet. Technical report, Damballa Labs, 2008.
37. S. Shevchenko. Srizbi's domain calculator, 2008.
38. Takashi Katsuki. Android.Walkinwat. http://www.symantec.com/security_response/writeup.jsp?docid=2011-033008-4831-99, Mar. 2011.
39. Tim Wyatt. DroidDreamLight, new malware from the developers of DroidDream. http://blog.mylookout.com/blog/2011/05/30/security-alertdroiddreamlight-new-malware-from-thedevelopers-of-droiddream/, May 2011.
40. P. Traynor, C. Amrutkar, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta. From Mobile Phones to Responsible Devices. Journal of Security and Communication Networks (SCN), 4(6):719-726, June 2011.
41. P. Traynor, W. Enck, P. McDaniel, and T. L. Porta. Exploiting open functionality in sms-capable cellular networks. Journal of Computer Security, 16(6):713-742, 2008.
42. P. Traynor, W. Enck, P. McDaniel, and T. L. Porta. Mitigating attacks on open functionality in sms-capable cellular networks. IEEE/ACM Transactions on Networking, 17(1):40-53, 2009.
43. P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, T. L. Porta, and P. McDaniel. On cellular botnets: Measuring the impact of malicious devices on a cellular network core. In Proceedings of the ACM Conference on Computer and Communications Security, 2009.
44. P. Traynor, P. McDaniel, and T. L. Porta. On attack causality in internet-connected cellular networks. In Proceedings of the 16th Network and Distributed Systems Symposium, 2007.
45. D. Wessels, M. Fomenkov, N. Brownlee, and K. Claffy. Measurements and laboratory simulations of the upper DNS hierarchy. In Proceedings of Passive and Active Measurement Workshop, 2004.
46. Yi Li. Android.Notcompatible. http://www.symantec.com/security_response/writeup. jsp?docid=2012-050307-2712-99, May 2012.
47. Y. Zhou and X. Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2012.
48. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Network and Distributed System Security Symposium (NDSS), 2012.