HomeEPiC SeriesKalpa PublicationsPreprintsFor AuthorsFor Editors
Download PDFOpen PDF in browser

A Three-Pronged Approach to Malicious APK: Combining Snort, Wireshark, and Wazuh for Advanced Threat Management

EasyChair Preprint 15528

12 pagesDate: December 4, 2024
Yi Anson Lam, Siu Ming Yiu and K P Chow

Abstract

In the evolving landscape of mobile security threats, traditional detection methods often struggle to effectively identify and mitigate the risks posed by malicious APKs. This study introduces an integrated approach that combines the strengths of Snort and Wireshark with the dynamic response capabilities of Wazuh Manager. Initially, we leverage Snort’s robust network intrusion detection capabilities, enhanced through a custom plugin in Wireshark, to monitor and analyze APK file transfers. This setup allows for effective capture and initial screening of APKs based on known malicious signatures and anomalous network patterns. Subsequently, Wazuh Manager is employed to facilitate an active response strategy. It automates the response to threats detected by Snort, such as isolating affected systems, alerting administrators, and preventing the execution of suspicious APKs. This proactive approach not only aims to stop malware before it causes harm but also adapts to the evolving threat landscape by continuously updating detection rules and response strategies based on new intelligence. Our research indicates that an effective defense against malicious APKs involves monitoring, detecting, and actively responding to these threats. The integration of these tools provides a scalable and adaptable framework that can evolve with emerging threats, offering practical solutions for both organizational and individual security needs. This research underscores the potential of combining network analysis tools with active response systems and lays the groundwork for future advancements in mobile security methodologies with such layered defense approach.

Keyphrases: APK, IDS, Kali Linux, Malware Detection System, Mobile Security, Snort, Wazuh, Wireshark, benign samples, integrated system, integration of snort, malicious and benign, manage and mitigate threats, mobile devices, mobile malware, network traffic

Links:https://easychair.org/publications/preprint/lJvC
BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:15528,
  author    = {Yi Anson Lam and Siu Ming Yiu and K P Chow},
  title     = {A Three-Pronged Approach to Malicious APK: Combining Snort, Wireshark, and Wazuh for Advanced Threat Management},
  howpublished = {EasyChair Preprint 15528},
  year      = {EasyChair, 2024}}
Download PDFOpen PDF in browser
Copyright © 2012-2024 easychair.org. All rights reserved.