Abstract
The emergence of information theft poses a serious threat to mobile users. Short message service (SMS), as a mainstream communication medium, is usually used by attackers to implement propagation, command and control. The previous detection works are based on the local perspective of terminals, and it is difficult to find all the victims and covert attackers for a theft event. In order to address this problem, we propose DITA-NCG, a method that globally detects information theft attacks based on node communication graph (NCG). The communication behavior of a NCG’s node is expressed by both call detail record (CDR) vectors and network flow vectors. Firstly, we use CDR vectors to implement social subgraph division and find suspicious subgraphs with SMS information entropy. Secondly, we use network flow vectors to distinguish information theft attack graphs from suspicious subgraphs, which help us to identify information theft attack. Finally, we evaluate DITA-NCG by using real world network flows and CDRs , and the result shows that DITA-NCG can effectively and globally detect information theft attack in mobile network.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
App market of yingyongbao. https://android.myapp.com/ (2021)
Virusshare. https://virusshare.com/ (2021)
Virustotal. https://www.virustotal.com/ (2021)
Alam, S., Alharbi, S.A., Yildirim, S.: Mining nested flow of dominant APIs for detecting android malware. Comput. Netw. 167, 107026 (2020)
Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices 49(6), 259–269 (2014)
Blondel, V.D., Decuyper, A., Krings, G.: A survey of results on mobile phone datasets analysis. EPJ Data Sci. 4(1), 1–55 (2015). https://doi.org/10.1140/epjds/s13688-015-0046-0
Bogomolov, A., Lepri, B., Staiano, J., Oliver, N., Pianesi, F., Pentland, A.: Once upon a crime: towards crime prediction from demographics and mobile data. In: Proceedings of the 16th International Conference on Multimodal Interaction, pp. 427–434. ACM (2014)
Cheng, Z., Chen, X., Zhang, Y., Li, S., Sang, Y.: Detecting information theft based on mobile network flows for android users. In: 2017 International Conference on Networking, Architecture, and Storage (NAS), pp. 1–10. IEEE (2017)
Cheng, Z., Chen, X., Zhang, Y., Li, S., Xu, J.: MUI-defender: CNN-Driven, network flow-based information theft detection for mobile users. In: Gao, H., Wang, X., Yin, Y., Iqbal, M. (eds.) CollaborateCom 2018. LNICST, vol. 268, pp. 329–345. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12981-1_23
Conti, M., Mancini, L.V., Spolaor, R., Verde, N.V.: Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Secur. 11(1), 114–125 (2016)
De Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)
Desnos, A., et al.: Androguard: Reverse engineering, malware and goodware analysis of android applications. https://code.google.com/p/androguard/153 (2013)
Enck, W., et al.: TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57(3), 99–106 (2014)
Horak, R.: Telecommunications and Data Communications Handbook. Wiley (2007). https://books.google.com/books?id=dO2wCCB7w9sC
N,B.: Fakespy - android information stealing malware attack to steal text messages, call records & contacts. https://gbhackers.com/fakespy/ (2019)
Petersen, J.: The Telecommunications Illustrated Dictionary. CRC Press advanced and emerging communications technologies series, CRC Press (2002). https://books.google.com/books?id=b2mMzS0hCkAC
Peterson, K.: Business Telecom Systems: A Guide to Choosing the Best Technologies and Services. Taylor & Francis (2000). https://books.google.com/books?id=W79R0niNU5wC
Ratti, C., Sobolevsky, S., Calabrese, F., Andris, C., Reades, J., Martino, M., Claxton, R., Strogatz, S.H.: Redrawing the map of great Britain from a network of human interactions. PLoS ONE 5(12), e14248 (2010)
Ren, J., Rao, A., Lindorfer, M., Legout, A., Choffnes, D.: ReCon: revealing and controlling PII leaks in mobile network traffic. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pp. 361–374. ACM (2016)
Sultan, K., Ali, H., Ahmad, A., Zhang, Z.: Call details record analysis: a spatiotemporal exploration toward mobile traffic classification and optimization. Information 10(6), 192 (2019)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: AppScanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 439–454. IEEE (2016)
Wang, S., Yan, Q., Chen, Z., Yang, B., Zhao, C., Conti, M.: Detecting android malware leveraging text semantics of network flows. IEEE Trans. Inf. Forensics Secur. 13(5), 1096–1109 (2017)
Wu, L.: First kotlin-developed malicious app signs users up for premium sms services. http://t.cn/EMSyiof (2019)
Yun, X., Li, S., Zhang, Y.: SMS worm propagation over contact social networks: modeling and validation. IEEE Trans. Inf. Forensics Secur. 10(11), 2365–2380 (2015)
Zang, H., Bolot, J.: Anonymization of location data does not work: a large-scale measurement study. In: Proceedings of the 17th Annual International Conference on Mobile Computing and Networking, pp. 145–156. ACM (2011)
Zhang, Y., et al.: Lies in the air: characterizing fake-base-station spam ecosystem in china. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 521–534 (2020)
Acknowledgement
This work is supported by the National Key Research and Development Program of China (Grant No. 2019YFB1005201). We would also like to thank the reviewers for the thorough comments and helpful suggestions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cheng, Z., Yun, X., Li, S., Geng, J., Qin, R., Fan, L. (2022). DITA-NCG: Detecting Information Theft Attack Based on Node Communication Graph. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13350. Springer, Cham. https://doi.org/10.1007/978-3-031-08751-6_25
Download citation
DOI: https://doi.org/10.1007/978-3-031-08751-6_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08750-9
Online ISBN: 978-3-031-08751-6
eBook Packages: Computer ScienceComputer Science (R0)