A Cellphone Malicious Behaviors Research Based On Mobile Base Station Data

Posted on: 2021-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Lan
Full Text: PDF
GTID: 2428330623467780
Subject: Cyberspace security

Abstract/Summary:
With the popularity of smartphones and 4G mobile networks, the mobile Internet industry has grown rapidly in recent years, bringing various security issues such as Android application malware and pirated software. Android users are therefore exposed to viruses, Trojans, worms, botnets and similar threats, and research on Android security has developed alongside them. On the one hand, researchers protect Android applications through technologies such as software packing and code restoration. On the other hand, they detect malicious traffic so that malicious behavior on mobile phones can be found. Android application protection schemes examine the application itself and verify its legality and security. Android traffic detection schemes monitor device traffic to detect illegal uploads and downloads. However, traffic monitoring identifies only malicious servers and ignores protection of the Android client, and there is no unified scheme that combines traffic detection with Android application protection. Building on existing work, this thesis studies the fundamentals of mobile phone malicious traffic in depth, then summarizes and analyzes the related literature. It proposes a method for detecting APT malicious traffic on mobile terminals based on DNS characteristics and network traffic characteristics, and a method for detecting botnet malicious traffic on mobile terminals based on DNS characteristics. The thesis establishes a machine learning-based anomaly detection model, uses a reputation engine based on multi-classifier fusion to comprehensively evaluate suspicious IP addresses, and uses two methods to detect different types of mobile phone malware in parallel. Finally, using traffic classification technology, the Android application that generates malicious traffic is associated with that traffic through application fingerprint matching, so that the source of the malicious traffic can be located. The thesis combines the mobile device protection scheme with the mobile traffic detection scheme, establishes a unified model for malicious traffic identification and malicious application location, and evaluates it on public data sets. It obtains a malicious traffic detection rate of 96% and also high location accuracy.
Keywords/Search Tags: Malicious behavior detection, domain name service (DNS), machine learning, traffic classification