dc.contributor.author |
Ajaeiya, Georgi Abdullah, |
dc.date.accessioned |
2017-12-11T16:30:48Z |
dc.date.available |
2017-12-11T16:30:48Z |
dc.date.issued |
2017 |
dc.date.submitted |
2017 |
dc.identifier.other |
b19183331 |
dc.identifier.uri |
http://hdl.handle.net/10938/20966 |
dc.description |
Thesis. M.E. American University of Beirut. Department of Electrical and Computer Engineering, 2017. ET:6590 |
dc.description |
Advisor : Dr. Ali Chehab, Professor, Electrical and Computer Engineering ; Members of Committee : Dr. Ayman Kayssi Professor, Electrical and Computer Engineering ; Dr. Imad H. Elhajj, Associate Professor, Electrical and Computer Engineering. |
dc.description |
Includes bibliographical references (leaves 73-77) |
dc.description.abstract |
Network operators and mobile carriers are facing serious security and QoS challenges caused by an increasing number of services provided by smartphone apps. For example, Android OS has more than 2 million apps in stores. Hence, network administrators tend to adopt strict policies to secure their infrastructure. At the same time these policies have to ensure and maintain an excellent user experience. Our aim in this study is to propose an efficient classification and novelty detection mechanism for mobile apps’ network-flows based on traffic analysis. The aim of this mechanism is to classify network flows based on a predefined set of classes which reflect user actions in each app. Such a mechanism can help network administrators to set QoS parameters according to traffic types over multiple network segments. Additionally, it helps in detecting new types of traffic that might be abnormal or malicious which can affect network performance. The mechanism differs from other proposed studies by focusing on identifying apps traffic from a network perspective without introducing additional clients on users’ smartphones, or requiring special privileges. It involves a technique for pre-possessing network flows to acquire a set of feature vectors (samples) that are used to build a classification model using supervised machine learning algorithms. The study includes a parameter tuning phase, and a performance comparison phase to assess multiple machine learning models at their best parameter values. It is revealed that classification ensembles called Random Forests outperform other types of supervised classifiers such as Multi-Class SVMs. The classification model is used in an outlier detection process that employs Bayesian Inference. The process uses a confidence score metric produced by the classification model to detect novel samples. We reached a high detection accuracy for novel samples at 97percent for benign apps and 92percent for malicious apps with a low false alarms rate at 3percent. |
dc.format.extent |
1 online resource (x, 77 leaves) : illustrations |
dc.language.iso |
eng |
dc.relation.ispartof |
Theses, Dissertations, and Projects |
dc.subject.classification |
ET:006590 |
dc.subject.lcsh |
Computer networks -- Security measures. |
dc.subject.lcsh |
Computer security. |
dc.subject.lcsh |
Mobile agents (Computer software) |
dc.subject.lcsh |
Smartphones -- Security measures. |
dc.subject.lcsh |
Androids. |
dc.subject.lcsh |
Intrusion detection systems (Computer security) |
dc.title |
Network traffic classification and novelty detection for mobile apps - |
dc.type |
Thesis |
dc.contributor.department |
Faculty of Engineering and Architecture. |
dc.contributor.department |
Department of Electrical and Computer Engineering, |
dc.contributor.institution |
American University of Beirut. |