CLAP: Classification of android PUAs by similarity of DNS queries

Mitsuhiro Hatada; Tatsuya Mori

doi:10.1587/transinf.2019INP0003

CLAP: Classification of android PUAs by similarity of DNS queries

Mitsuhiro Hatada, Tatsuya Mori

School of Fundamental Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

This work develops a system called CLAP that detects and classifies "potentially unwanted applications" (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.

Original language	English
Pages (from-to)	265-275
Number of pages	11
Journal	IEICE Transactions on Information and Systems
Volume	E103D
Issue number	2
DOIs	https://doi.org/10.1587/transinf.2019INP0003
Publication status	Published - 2020

Keywords

Classification
DNS query
PUA
PUP
Potentially unwanted

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Vision and Pattern Recognition
Electrical and Electronic Engineering
Artificial Intelligence

Access to Document

10.1587/transinf.2019INP0003

Cite this

@article{0f277990d7b945768c566bd8138cd889,

title = "CLAP: Classification of android PUAs by similarity of DNS queries",

abstract = "This work develops a system called CLAP that detects and classifies {"}potentially unwanted applications{"} (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.",

keywords = "Classification, DNS query, PUA, PUP, Potentially unwanted",

author = "Mitsuhiro Hatada and Tatsuya Mori",

note = "Funding Information: A part of this work was supported by JSPS Grant-in-Aid for Scientific Research B, Grant Number 16H02832. We thank Mr. Yuta Ishii and Mr. Sho Mizuno for collecting valuable datasets. Publisher Copyright: {\textcopyright} 2020 Institute of Electronics, Information and Communication, Engineers, IEICE. All rights reserved.",

year = "2020",

doi = "10.1587/transinf.2019INP0003",

language = "English",

volume = "E103D",

pages = "265--275",

journal = "IEICE Transactions on Information and Systems",

issn = "0916-8532",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "2",

}

TY - JOUR

T1 - CLAP

T2 - Classification of android PUAs by similarity of DNS queries

AU - Hatada, Mitsuhiro

AU - Mori, Tatsuya

N1 - Funding Information: A part of this work was supported by JSPS Grant-in-Aid for Scientific Research B, Grant Number 16H02832. We thank Mr. Yuta Ishii and Mr. Sho Mizuno for collecting valuable datasets. Publisher Copyright: © 2020 Institute of Electronics, Information and Communication, Engineers, IEICE. All rights reserved.

PY - 2020

Y1 - 2020

N2 - This work develops a system called CLAP that detects and classifies "potentially unwanted applications" (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.

AB - This work develops a system called CLAP that detects and classifies "potentially unwanted applications" (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.

KW - Classification

KW - DNS query

KW - PUA

KW - PUP

KW - Potentially unwanted

UR - http://www.scopus.com/inward/record.url?scp=85081680622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85081680622&partnerID=8YFLogxK

U2 - 10.1587/transinf.2019INP0003

DO - 10.1587/transinf.2019INP0003

M3 - Article

AN - SCOPUS:85081680622

SN - 0916-8532

VL - E103D

SP - 265

EP - 275

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

IS - 2

ER -

CLAP: Classification of android PUAs by similarity of DNS queries

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this