ABSTRACT
Smartphones have recently become increasingly popular because they provide "all-in-one" convenience by integrating traditional mobile phones with handheld computing devices. However, the flexibility of running third-party software also leaves smartphones open to malicious viruses. In fact, hundreds of smartphone viruses have emerged in the past two years, which can quickly spread through various means such as SMS/MMS, Bluetooth and traditional IP-based applications. Our own implementations of two proof-of-concept viruses on Windows Mobile have confirmed the vulnerability of this popular smartphone platform.
In this paper, we present SmartSiren, a collaborative virus detection and alert system for smartphones. In order to detect viruses, SmartSiren collects the communication activity information from the smartphones, and performs joint analysis to detect both single-device and system-wide abnormal behaviors. We use a proxy-based architecture to offload the processing burden from resource-constrained smartphones and simplify the collaboration among smartphones. When a potential virus is detected, the proxy quarantines the outbreak by sending targeted alerts to those immediately threatened smartphones. We have demonstrated the feasibility of SmartSiren through implementations on a Dopod 577w smartphone, and evaluated its effectiveness using simulations driven by 3-week SMS traces from a national cellular carrier. Our results show that SmartSiren can effectively prevent wide-area virus outbreaks with affordable overhead.
Index Terms
- SmartSiren: virus detection and alert for smartphones