Collaborative Computing: Networking, Applications and Worksharing. 14th EAI International Conference, CollaborateCom 2018, Shanghai, China, December 1-3, 2018, Proceedings

Research Article

MUI-defender: CNN-Driven, Network Flow-Based Information Theft Detection for Mobile Users

Download
136 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-12981-1_23,
        author={Zhenyu Cheng and Xunxun Chen and Yongzheng Zhang and Shuhao Li and Jian Xu},
        title={MUI-defender: CNN-Driven, Network Flow-Based Information Theft Detection for Mobile Users},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 14th EAI International Conference, CollaborateCom 2018, Shanghai, China, December 1-3, 2018, Proceedings},
        proceedings_a={COLLABORATECOM},
        year={2019},
        month={2},
        keywords={Information theft Network flow Operation pattern CNN},
        doi={10.1007/978-3-030-12981-1_23}
    }
    
  • Zhenyu Cheng
    Xunxun Chen
    Yongzheng Zhang
    Shuhao Li
    Jian Xu
    Year: 2019
    MUI-defender: CNN-Driven, Network Flow-Based Information Theft Detection for Mobile Users
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-030-12981-1_23
Zhenyu Cheng,*, Xunxun Chen,*, Yongzheng Zhang,*, Shuhao Li,*, Jian Xu,*
    *Contact email: chengzhenyu@iie.ac.cn, xx-chen@139.com, zhangyongzheng@iie.ac.cn, lishuhao@iie.ac.cn, xujian@iie.ac.cn

    Abstract

    Nowadays people save a lot of privacy information in mobile devices. These information can be theft by adversaries through suspicious apps installed in smartphones, and protecting users’ privacy has become a great challenge. So developing a method to identify if there are apps thieving users’ personal information in smartphones is important and necessary. Through the analysis of apps’ network traffic data, we observe that general apps generate regular network flows with the users’ normal operations. But information theft apps’ network flows have no relationship with users’ operations. In this paper we propose a model MUI-defender (Mobile Users’ Information defender), which is based on analyzing the relationship between users’ operation patterns and network flows with CNN (Convolutional Neural Network), can efficiently detect information theft. Because of C&C (Command-and-Control) server invalidation [33] and system version incompatibility [25], etc., most of the collected information theft apps can’t run properly in reality. So we extract information theft code modules from some of these apps, and then recode and compile them into the ITM-capsule (Information Theft Modules capsule) for verification. Finally, we run the ITM-capsule and several normal apps to detect the network flows, which shows our detection model can achieve an accuracy higher than 94%. Therefore, MUI-defender is suitable for detecting the network flows of information theft.