Detecting blacklisted URLs from unmodified and non-rooted Android devices

摘要

Smart devices are everywhere nowadays, such as smartphones and tablets where the Android platform is dominant in this mobile era. As a consequence of this popularity, the malware targeting Android smartphones has also mushroomed. Android malware is one of the major security issues and fast growing threats facing the Internet in the mobile arena, today. So, in this context, DNS (Domain Name System) is widely misused by miscreants in order to provide internet connection within malicious networks and botnets. In our experiments, we use the MalGenome dataset in order to generate network traffic. Besides, most of the malware we examine use DNS in order to obtain the IP address of their command and control servers. Then, the problem of determining the DNS queries done by the malware through devices without modifying the firmware or rooting smartphone, is very important and it poses a big challenge. From traces we generated from apps under test, we can extract malicious URLs invoked by the malware.