For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
CLAP: Classification of Android PUAs by Similarity of DNS Queries
Mitsuhiro HATADA Tatsuya MORI
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2020/02/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Security, Privacy, Anonymity and Trust in Cyberspace Computing and Communications)
Category: Network Security
PUA, PUP, potentially unwanted, DNS query, classification,
Full Text: PDF>>
This work develops a system called CLAP that detects and classifies “potentially unwanted applications” (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.