Kamila Babayeva

Execution, Analysis and Detection of Android RATs traffic

Mobile devices are at risk of cyber attacks, and the most dangerous attacks on mobile phones are Remote Access Trojans (RAT). RAT are malicious programs that allow for unauthorized remote access of the infected phones to see their resources. Detecting Android RAT in the phone is a challenging task, that is why we propose to detect it in the network traffic. However, it is hard to access the network traffic in the phone, since there is no easy way to capture its traffic. More importantly, it's very hard or even impossible to have applications in the phones that can protect it from these attacks, leaving the detection in the network as the only option. In this bachelor thesis we research this problem of detecting RATs in phones by (1) creating an Android RATs’ dataset of real infected phones, (2) analysing RATs' network traffic behaviours, (3) proposing new detections model, and (4) implementing this detection module for RATs in a open-source Python-based intrusion detection system called Slips.