
Analysis of Malware Application Based on Massive Network Traffic

     

Abstract

Security and privacy issues are magnified by the velocity, volume, and variety of big data. User privacy is an even more sensitive topic that attracts most people's attention. While XcodeGhost, an iOS malware that emerged in late 2015, led to privacy leakage for a large number of users, only a few studies have examined XcodeGhost based on its source code. In this paper we describe observations from monitoring the network activities of more than 2.59 million iPhone users in a provincial area across 232 days. Our analysis reveals a number of interesting points. For example, we propose a decay model for the prevalence rate of XcodeGhost and we find that the ratio of infected devices is more than 60%; that many popular applications, such as WeChat, Railway 12306, Didi Taxi, and Youku Video, are also infected; and that the duration as well as the traffic volume of most XcodeGhost-related HTTP requests are similar to those of usual HTTP requests, which makes them difficult to detect. In addition, we propose a heuristic model based on fingerprint and its web-knowledge to identify the infected applications. The identification results show the efficiency of this model.

Bibliographic details

  • Source
    China Communications (《中国通信》) | 2016, Issue 8 | pp. 209-221 | 13 pages
  • Author affiliations

    Beijing Key Laboratory of Network System Architecture and Convergence, Beijing University of Posts and Telecommunications, Beijing 100876, China

  • Original format: PDF
  • Text language: English