Detecting and Classifying Android PUAs by Similarity of DNS queries

Mitsuhiro Hatada, Tatsuya Mori

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    3 Citations (Scopus)

    Abstract

    This work develops a method of detecting and classifying 'potentially unwanted applications' (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for the detection and classification of PUAs. Next, we show that existing DNS blacklists are ineffective to perform these tasks. Finally, we demonstrate that our methodology performed with high accuracy.

    Original languageEnglish
    Title of host publicationProceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017
    PublisherIEEE Computer Society
    Pages590-595
    Number of pages6
    Volume2
    ISBN (Electronic)9781538603673
    DOIs
    Publication statusPublished - 2017 Sep 7
    Event41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017 - Torino, Italy
    Duration: 2017 Jul 42017 Jul 8

    Other

    Other41st IEEE Annual Computer Software and Applications Conference Workshops, COMPSAC 2017
    CountryItaly
    CityTorino
    Period17/7/417/7/8

      Fingerprint

    ASJC Scopus subject areas

    • Software
    • Computer Science Applications

    Cite this

    Hatada, M., & Mori, T. (2017). Detecting and Classifying Android PUAs by Similarity of DNS queries. In Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference Workshops, COMPSAC 2017 (Vol. 2, pp. 590-595). [8029995] IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2017.103