Title
pBMDS: a behavior-based malware detection system for cellphone devices
Abstract
Computing environments on cellphones, especially smartphones, are becoming more open and general-purpose, thus they also become attractive targets of malware. Cellphone malware not only causes privacy leakage, extra charges, and depletion of battery power, but also generates malicious traffic and drains down mobile network and service capacity. In this work we devise a novel behavior-based malware detection system named pBMDS, which adopts a probabilistic approach through correlating user inputs with system calls to detect anomalous activities in cellphones. pBMDS observes unique behaviors of the mobile phone applications and the operating users on input and output constrained devices, and leverages a Hidden Markov Model (HMM) to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built on these, pBMDS identifies behavioral differences between malware and human users. Through extensive experiments on major smartphone platforms, we show that pBMDS can be easily deployed to existing smartphone hardware and it achieves high detection accuracy and low false positive rates in protecting major applications in smartphones.
Year: 2010
DOI: 10.1145/1741866.1741874
Venue: WISEC
Keywords: operating user, human user, malware detection system, user operational pattern, correlating user input, cellphone malware, cellphone device, user behavior, major smartphone platform, major aspect, major application, behavior-based malware detection system, false positive rate, state transition, hidden markov model
Field: Computer science, Computer security, Process state, Computer network, Input/output, System call, Cellular network, Probabilistic logic, Mobile phone, Malware, Hidden Markov model
DocType: Conference
Citations: 58
PageRank: 3.67
References: 17
Authors: 4
Name, Order, Citations, PageRank
Liang Xie, 1, 176, 18.24
Zhang Xinwen, 2, 1695, 104.61
Jean-Pierre Seifert, 3, 1946, 160.31
Sencun Zhu, 4, 2581, 135.53