Detecting and characterising of mobile advertisement network traffic using graph modelling

Abstract

Many 'free' applications are provided for Android. These include advertisement (ad) modules manage ad services and track user sensitive behaviour. These sometimes lead violations of privacy. We analysed 797 of 1,188 applications included 45 known ad modules and found characteristic ad network traffic patterns. In order to accurately differentiate traffic between ad modules and valid application, we propose a novel method based on the distance between traffic graphs mapping the relationships between HTTP sessions. Using this method, we can detect ad modules' traffic by comparing session graphs with known ad graphs. In evaluation, we generated 20,903 graphs from applications traffic includes 4,698 known ad graphs, manually identified 2,000 ad graphs, and 2,000 standard application graphs. We also evaluated graph screening for detection accuracy. Our approach showed 76% detection rate for known ad graphs, 96% detection rate for manually classified ad graphs, and under 10% false positive rate for standard graphs.