This work develops a system called CLAP that detects and classifies “potentially unwanted applications” (PUAs) such as adware or remote monitoring tools. Our approach leverages DNS queries made by apps. Using a large sample of Android apps from third-party marketplaces, we first reveal that DNS queries can provide useful information for detection and classification of PUAs. We then show that existing DNS blacklists are limited when performing these tasks. Finally, we demonstrate that the CLAP system performs with high accuracy.
Mitsuhiro HATADA
Waseda University, NTT Corporation
Tatsuya MORI
Waseda University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Mitsuhiro HATADA, Tatsuya MORI, "CLAP: Classification of Android PUAs by Similarity of DNS Queries" in IEICE TRANSACTIONS on Information,
vol. E103-D, no. 2, pp. 265-275, February 2020, doi: 10.1587/transinf.2019INP0003.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019INP0003/_p
@ARTICLE{e103-d_2_265,
author={Mitsuhiro HATADA and Tatsuya MORI},
journal={IEICE TRANSACTIONS on Information},
title={CLAP: Classification of Android PUAs by Similarity of DNS Queries},
year={2020},
volume={E103-D},
number={2},
pages={265-275},
keywords={},
doi={10.1587/transinf.2019INP0003},
ISSN={1745-1361},
month={February},}
TY - JOUR
TI - CLAP: Classification of Android PUAs by Similarity of DNS Queries
T2 - IEICE TRANSACTIONS on Information
SP - 265
EP - 275
AU - Mitsuhiro HATADA
AU - Tatsuya MORI
PY - 2020
DO - 10.1587/transinf.2019INP0003
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 2
JA - IEICE TRANSACTIONS on Information
Y1 - February 2020
ER -