Protecting Mobile Devices from Malware Attacks with a Python IDS
2020-12-06, 11:00–11:45, Main Track

Technology poses a risk of cyber attacks to all of us, but mobile devices are more at risk because there are no good detection applications for phones, and because they are the target of many novel and advanced attacks. As users, we still don't have a good idea of what our phones are doing in the network since access to the traffic is restricted. This lack of visibility may have pushed the creation of more mobile malware. To be better protected, mobile devices need better detection solutions and tools from our community.

To counter this problem, we have been working on creating a dataset of Android RATs to further analyse the RATs' network traffic behaviours, propose new detection models, and implement these detections in a Python-based IDS called Slips. Slips is a free software IDS that uses machine learning to detect attacks in the network traffic of devices. Slips offers our community an open solution that we are working to improve with the latest technology to detect malicious activity in the network.

In this talk we will present and publish the first version of our dataset of Android RAT traffic, and we will explain how the dataset was created and what it includes. We will explain the development of Slips and how to use it for traffic analysis, behavioral study and detection of real malware executed on mobile devices. We will give a live demo of how the current version of Slips can detect Android RAT activity. As far as we know, our Android RAT traffic dataset is the first one in the community, since we compiled and executed real Android RATs with our own C&C servers and executed all the actions available on each of them.
