Android RATs Detection With A Machine Learning-based Python IDS

November 18th @ 13:00 - 14:00 (GMT +4) // HITB Track 2

Technology poses a risk of cyber attacks to all of us, but mobile devices are more at risk because there are no good detection applications for phones, and because they are the target of many novel and advanced attacks. As users, we still don’t have a good idea of what our phones are doing in the network since access to the traffic is restricted. This lack of visibility may have pushed the creation of more mobile malware. To be better protected, mobile devices need better detection solutions and tools from our community.

To counter this problem, we have been working on the creation of an Android RAT dataset to further analyse RATs’ network traffic behaviours, propose new detection models, and implement these detections in a Python-based IDS called Slips. Slips is a free software IDS that uses machine learning to detect attacks in the network traffic of devices. Slips offers our community an open solution that we are working to improve with the latest technology to detect malicious activity in the network.

In this talk we will present and publish the first version of our dataset of Android RAT traffic, and we will explain how the dataset was created and what is included in it. We will explain the development of Slips and how to use Slips for traffic analysis, behavioral study and detection of real malware executed on mobile devices. We will give a live demo of how the current version of Slips can detect Android RAT activity. As far as we know, our Android RAT traffic dataset is the first one in the community, since we compiled and executed real Android RATs with our own C&C servers and we executed all the actions available on each of them.


Kamila Babayeva

Stratosphere Laboratory at Czech Technical University

Kamila Babayeva is a 20-year-old second-year bachelor student in the Computer Science and Electrical Engineering program at the Czech Technical University in Prague. She is a researcher in the Civilsphere project, a project dedicated to protecting civil organizations and individuals from targeted attacks. Her research focuses on helping people and protecting their digital rights by developing free software based on machine learning. Initially, she worked as a junior Malware Reverser. Currently, Kamila leads the development of the Stratosphere Linux Intrusion Prevention System (Slips), which is used to protect civil society in the Civilsphere lab. Kamila has given a series of presentations about Slips and Kalipso architecture at conferences such as OWASP CZ Chapter and OpenAlt.

Sebastian Garcia

Stratosphere Laboratory at Czech Technical University

Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to speak at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace, he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.
