%0 Journal Article %A Xiaolin Gui %A Jun Liu %A Mucong Chi %A Chenyu Li %A Zhenming Lei %T Analysis of Malware Application Based on Massive Network Traffic %D 2016 %R %J China Communications %P 209-221 %V 13 %N 8 %X Security and privacy issues are magnified by velocity, volume, and variety of big data. User’s privacy is an even more sensitive topic attracting most people’s attention. While XcodeGhost, a malware of iOS emerging in late 2015, leads to the privacy-leakage of a large number of users, only a few studies have examined XcodeGhost based on its source code. In this paper we describe observations by monitoring the network activities for more than 2.59 million iPhone users in a provincial area across 232 days. Our analysis reveals a number of interesting points. For example, we propose a decay model for the prevalence rate of XcodeGhost and we find that the ratio of the infected devices is more than 60%; that a lot of popular applications, such as Wechat, railway 12306, didi taxi, Youku video are also infected; and that the duration as well as the traffic volume of most XcodeGhost-related HTTP-requests is similar with usual HTTP-request which makes it difficult to be found. Besides, we propose a heuristic model based on fingerprint and its web-knowledge to identify the infected applications. The identifying result shows the efficiency of this model. %U http://www.cic-chinacommunications.cn/EN/abstract/article_299.shtml