TY - GEN
T1 - Encrypted Malware Traffic Detection Via Time-Frequency Domain Analysis
AU - Liu, Yukai
AU - Jia, Jizhe
AU - Wu, Jinhe
AU - Ai, Junyu
AU - Shen, Meng
AU - Zhu, Liehuang
N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.
PY - 2025
Y1 - 2025
N2 - Due to the free and open source nature of the Android operating system, the number of Android malware is growing exponentially, which poses a serious threat to the property and privacy of Android users. Existing machine learning methods suffer from complex feature engineering, high workload, and weak generalization ability. In this paper, we propose WT-NET, a machine-learning based approach for Android malware detection, which first characterizes Android application traffic as a grayscale graph and transforms the traffic detection problem into an image classification problem. For the grayscale map characterization results, we further extract the time-frequency features of the traffic grayscale map using wavelet transform and achieve effective Android malware detection by combining the time-domain features with the frequency-domain features. To demonstrate the validity of WT-NET, we conducted an experimental evaluation using the publicly available dataset CICAndMal2017. Experimental results show that the method exhibits good performance in terms of efficiency and accuracy. Specifically, it was able to achieve 97.66% accuracy in experiments on benign-malicious coarse-grained classification, and it was able to achieve 94.17% accuracy in experiments on fine-grained classification of 42 malware families. Moreover, compared to other methods, this method can achieve a high accuracy rate with fewer training rounds.
KW - Android malware
KW - Deep learning
KW - Encrypted traffic classification
KW - Wavelet transform
UR - http://www.scopus.com/inward/record.url?scp=85218944253&partnerID=8YFLogxK
U2 - 10.1007/978-981-96-1548-3_7
DO - 10.1007/978-981-96-1548-3_7
M3 - Conference contribution
AN - SCOPUS:85218944253
SN - 9789819615476
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 98
EP - 110
BT - Algorithms and Architectures for Parallel Processing - 24th International Conference, ICA3PP 2024, Proceedings
A2 - Zhu, Tianqing
A2 - Li, Jin
A2 - Castiglione, Aniello
PB - Springer Science and Business Media Deutschland GmbH
T2 - 24th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2024
Y2 - 29 October 2024 through 31 October 2024
ER -