Mobile Malware Network Packet Detection System based on SVM

Master's === 銘傳大學 === 資訊傳播工程學系碩士班 === 105 === Smartphones have become very popular recently. People are used to storing personal data, such as contact information and email accounts and passwords, on their mobile devices. Almost all mobile phones use either the Android or iOS operating system. People re...


Bibliographic Details
Main Authors: TAN, GENG-LUN, 譚庚倫
Other Authors: CHIANG, CHING-CHUAN
Format: Others
Language: zh-TW
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/22019794505066543690
id ndltd-TW-105MCU00676006
record_format oai_dc
spelling ndltd-TW-105MCU00676006 2017-06-29T04:42:50Z http://ndltd.ncl.edu.tw/handle/22019794505066543690 Mobile Malware Network Packet Detection System based on SVM 以SVM為基礎之手機惡意封包偵測系統 TAN, GENG-LUN 譚庚倫 Master's 銘傳大學 資訊傳播工程學系碩士班 105 CHIANG, CHING-CHUAN HSIEH, CHAUR-HEH 江清泉 謝朝和 2017 thesis 67 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === 銘傳大學 === 資訊傳播工程學系碩士班 === 105 === Smartphones have become very popular recently. People are used to storing personal data, such as contact information and email accounts and passwords, on their mobile devices. Almost all mobile phones use either the Android or iOS operating system. People rely on mobile phones because of their convenience and functions. However, using them raises some problems, including mobile security. Android is open source, so it allows apps that have not been authenticated by the official company to be installed on a user's phone. For these reasons, hackers have begun to shift their targets from PCs to mobile phones. Hackers steal users' private information from their mobile devices with malware apps, or send malicious code to users' phones to carry out attacks. This research proposes an agent-based malware network packet detection system. The system uses an agent app to periodically collect the user's network packets and store them in a pcap file. It then transfers the pcap file, which stores the GET protocol packets, to a remote server and stores the content of the GET protocol packets in a database. The GET packet content in the database is analyzed with a Support Vector Machine (SVM) to predict malware behavior. LibSVM and Scikit-learn are used to model the collected GET protocol packet contents, and their performance is compared in the thesis. The proposed system also provides interfaces, including an agent app and a website, which show the analysis results and offer history management and model management for user queries.