Detecting and Classifying Android PUAs by Similarity of DNS queries

Mitsuhiro Hatada; Tatsuya Mori

doi:10.1109/COMPSAC.2017.103

Detecting and Classifying Android PUAs by Similarity of DNS queries

Mitsuhiro Hatada, Tatsuya Mori

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

This work develops a method of detecting and classifying 'potentially unwanted applications' (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS blacklists are ineffective to perform these tasks. Finally, we demonstrate that our methodology performed with high accuracy.

Original language	English
Title of host publication	Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017
Editors	Claudio Demartini, Ji-Jiang Yang, Sheikh Iqbal Ahamed, Thomas Conte, Toyokazu Akiyama, Sorel Reisman, Hiroki Takakura, Kamrul Hasan, William Claycomb, Motonori Nakamura, Edmundo Tovar, Zhiyong Zhang, Ling Liu, Chung-Horng Lung, Stelvio Cimato
Publisher	IEEE Computer Society
Pages	590-595
Number of pages	6
ISBN (Electronic)	9781538603673
DOIs	https://doi.org/10.1109/COMPSAC.2017.103
Publication status	Published - 2017 Sept 7
Event	41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017 - Torino, Italy Duration: 2017 Jul 4 → 2017 Jul 8

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	2
ISSN (Print)	0730-3157

Other

Other	41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017
Country/Territory	Italy
City	Torino
Period	17/7/4 → 17/7/8

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2017.103

Cite this

Hatada, M., & Mori, T. (2017). Detecting and Classifying Android PUAs by Similarity of DNS queries. In C. Demartini, J-J. Yang, S. I. Ahamed, T. Conte, T. Akiyama, S. Reisman, H. Takakura, K. Hasan, W. Claycomb, M. Nakamura, E. Tovar, Z. Zhang, L. Liu, C-H. Lung, & S. Cimato (Eds.), Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017 (pp. 590-595). [8029995] (Proceedings - International Computer Software and Applications Conference; Vol. 2). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2017.103

Detecting and Classifying Android PUAs by Similarity of DNS queries. / Hatada, Mitsuhiro; Mori, Tatsuya.
Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017. ed. / Claudio Demartini; Ji-Jiang Yang; Sheikh Iqbal Ahamed; Thomas Conte; Toyokazu Akiyama; Sorel Reisman; Hiroki Takakura; Kamrul Hasan; William Claycomb; Motonori Nakamura; Edmundo Tovar; Zhiyong Zhang; Ling Liu; Chung-Horng Lung; Stelvio Cimato. IEEE Computer Society, 2017. p. 590-595 8029995 (Proceedings - International Computer Software and Applications Conference; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hatada, M & Mori, T 2017, Detecting and Classifying Android PUAs by Similarity of DNS queries. in C Demartini, J-J Yang, SI Ahamed, T Conte, T Akiyama, S Reisman, H Takakura, K Hasan, W Claycomb, M Nakamura, E Tovar, Z Zhang, L Liu, C-H Lung & S Cimato (eds), Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017., 8029995, Proceedings - International Computer Software and Applications Conference, vol. 2, IEEE Computer Society, pp. 590-595, 41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017, Torino, Italy, 17/7/4. https://doi.org/10.1109/COMPSAC.2017.103

Hatada M, Mori T. Detecting and Classifying Android PUAs by Similarity of DNS queries. In Demartini C, Yang J-J, Ahamed SI, Conte T, Akiyama T, Reisman S, Takakura H, Hasan K, Claycomb W, Nakamura M, Tovar E, Zhang Z, Liu L, Lung C-H, Cimato S, editors, Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017. IEEE Computer Society. 2017. p. 590-595. 8029995. (Proceedings - International Computer Software and Applications Conference). doi: 10.1109/COMPSAC.2017.103

Hatada, Mitsuhiro ; Mori, Tatsuya. / Detecting and Classifying Android PUAs by Similarity of DNS queries. Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017. editor / Claudio Demartini ; Ji-Jiang Yang ; Sheikh Iqbal Ahamed ; Thomas Conte ; Toyokazu Akiyama ; Sorel Reisman ; Hiroki Takakura ; Kamrul Hasan ; William Claycomb ; Motonori Nakamura ; Edmundo Tovar ; Zhiyong Zhang ; Ling Liu ; Chung-Horng Lung ; Stelvio Cimato. IEEE Computer Society, 2017. pp. 590-595 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{7f6308355d204364abfe3da34df9a443,

title = "Detecting and Classifying Android PUAs by Similarity of DNS queries",

abstract = "This work develops a method of detecting and classifying 'potentially unwanted applications' (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS blacklists are ineffective to perform these tasks. Finally, we demonstrate that our methodology performed with high accuracy.",

author = "Mitsuhiro Hatada and Tatsuya Mori",

note = "Funding Information: We thank Mr. Yuta Ishii and Mr. Sho Mizuno for collecting valuable datasets. A part of this work was supported by JSPS Grant-in-Aid for Scientific Research B, Grant Number JP16H02832; 41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017 ; Conference date: 04-07-2017 Through 08-07-2017",

year = "2017",

month = sep,

day = "7",

doi = "10.1109/COMPSAC.2017.103",

language = "English",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "590--595",

editor = "Claudio Demartini and Ji-Jiang Yang and Ahamed, {Sheikh Iqbal} and Thomas Conte and Toyokazu Akiyama and Sorel Reisman and Hiroki Takakura and Kamrul Hasan and William Claycomb and Motonori Nakamura and Edmundo Tovar and Zhiyong Zhang and Ling Liu and Chung-Horng Lung and Stelvio Cimato",

booktitle = "Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017",

}

TY - GEN

T1 - Detecting and Classifying Android PUAs by Similarity of DNS queries

AU - Hatada, Mitsuhiro

AU - Mori, Tatsuya

N1 - Funding Information: We thank Mr. Yuta Ishii and Mr. Sho Mizuno for collecting valuable datasets. A part of this work was supported by JSPS Grant-in-Aid for Scientific Research B, Grant Number JP16H02832

PY - 2017/9/7

Y1 - 2017/9/7

N2 - This work develops a method of detecting and classifying 'potentially unwanted applications' (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS blacklists are ineffective to perform these tasks. Finally, we demonstrate that our methodology performed with high accuracy.

AB - This work develops a method of detecting and classifying 'potentially unwanted applications' (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS blacklists are ineffective to perform these tasks. Finally, we demonstrate that our methodology performed with high accuracy.

UR - http://www.scopus.com/inward/record.url?scp=85032873174&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85032873174&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2017.103

DO - 10.1109/COMPSAC.2017.103

M3 - Conference contribution

AN - SCOPUS:85032873174

T3 - Proceedings - International Computer Software and Applications Conference

SP - 590

EP - 595

BT - Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017

A2 - Demartini, Claudio

A2 - Yang, Ji-Jiang

A2 - Ahamed, Sheikh Iqbal

A2 - Conte, Thomas

A2 - Akiyama, Toyokazu

A2 - Reisman, Sorel

A2 - Takakura, Hiroki

A2 - Hasan, Kamrul

A2 - Claycomb, William

A2 - Nakamura, Motonori

A2 - Tovar, Edmundo

A2 - Zhang, Zhiyong

A2 - Liu, Ling

A2 - Lung, Chung-Horng

A2 - Cimato, Stelvio

PB - IEEE Computer Society

T2 - 41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017

Y2 - 4 July 2017 through 8 July 2017

ER -

Detecting and Classifying Android PUAs by Similarity of DNS queries

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this