
Monitoring Network Traffic for Android Devices

Monitoring Network Traffic for Android Devices (PDF, 2.50MB)
Published: 25 Jan, 2013
Created by Angel Alonso-Parrizas

The same principles that organizations use to monitor network traffic going into their networks must be applied to the network traffic originating from mobile devices. This means that the techniques and tools that would normally be used to collect and analyze network activity can also be used to detect anomalous network traffic or network intrusions related to smartphones. This paper therefore outlines an architecture model that can be used to analyze the network communications originating from Android devices and to detect any unusual traffic. As part of the exercise, several tests involving real malware will be executed to gauge the effectiveness of that architecture. A further aim of the exercise is to improve the detection mechanisms of the engine by creating new signatures to detect specific threats. Lastly, we define incident-handling steps that can be used to combat 0-day malware and known malware for which no signatures exist.