Article

SmartSiren: virus detection and alert for smartphones

Authors:
Jerry Cheng

UCLA, Los Angeles, CA

UCLA, Los Angeles, CA
View Profile

,
Starsky H.Y. Wong

UCLA, Los Angeles, CA

UCLA, Los Angeles, CA
View Profile

,
Hao Yang

IBM T.J. Watson Research, Hawthorne, NY

IBM T.J. Watson Research, Hawthorne, NY
View Profile

,
Songwu Lu

UCLA, Los Angeles, CA

UCLA, Los Angeles, CA
View Profile

MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and servicesJune 2007Pages 258–271https://doi.org/10.1145/1247660.1247690

Published:13 June 2007Publication History

MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and services

Pages 258–271

ABSTRACT

Smartphones have recently become increasingly popular because they provide "all-in-one" convenience by integrating traditional mobile phones with handheld computing devices. However, the flexibility of running third-party softwares also leaves the smartphones open to malicious viruses. In fact, hundreds of smartphone viruses have emerged in the past two years, which can quickly spread through various means such as SMS/MMS, Bluetooth and traditional IP-based applications. Our own implementations of two proof-of-concept viruses on Windows Mobile have confirmed the vulnerability of this popular smartphone platform.

In this paper, we present SmartSiren, a collaborative virusdetection and alert system for smartphones. In order to detect viruses, SmartSiren collects the communication activity information from the smartphones, and performs joint analysis to detect both single-device and system-wide abnormal behaviors. We use a proxy-based architecture to offload the processing burden from resource-constrained smartphones and simplify the collaboration among smartphones. When a potential virus is detected, the proxy quarantines the out-break by sending targeted alerts to those immediately threatened smartphones. We have demonstrated the feasibility of SmartSiren through implementations on a Dopod 577w smartphone, and evaluated its effectiveness using simulations driven by 3-week SMS traces from a national cellular carrier. Our results show that SmartSiren can effectively prevent wide-area virus outbreaks with affordable overhead.

References

29A lab: http://vx.netlux.org/29a/.Google Scholar
3GPP AT commands: http://www.3gpp.org/.Google Scholar
Cell Spotting: http://www.cellspotting.com/.Google Scholar
Danger Inc.: http://www.danger.com/platform/exp.php.Google Scholar
Dopod 577w: http://www.dopodasia.com/.Google Scholar
Flexispy: http://www.flexispy.com.Google Scholar
HTC: http://www.htc.com/.Google Scholar
http://developer.orangews.com/orgspv/comdefq.aspx.Google Scholar
http://msdn.microsoft.com/windowsmobile/.Google Scholar
https://www.symbiansigned.com/app/page.Google Scholar
http://wiki.spv-developers.com/.Google Scholar
http://www.f-secure.com/weblog/archives/archive-082005.html.Google Scholar
Mobile malware evolution: An overview: http://www.viruslist.com/.Google Scholar
Navizon: http://www.navizon.com.Google Scholar
Phone viruses: how bad is it?: http://www.newscientist.com/article.ns?id=dn7080.Google Scholar
Prank directs phones to call police: http://news.zdnet.com/.Google Scholar
Securing consumer-friendly smart phones: http://news.com.com/.Google Scholar
Sports fans in Helsinki falling prey to Cabir: http://news.zdnet.com/.Google Scholar
T-Mobile SMS-to-Email: http://wiki.howardforums.com/index.php/.Google Scholar
T-Mobile USA: http://www.t-mobile.com/.Google Scholar
Virus Library: http://www.viruslibrary.com/.Google Scholar
Windows mobile business value for mobile operators: http://download.microsoft.com/.Google Scholar
www.sans.org/resources/idfaq/integritychecker.php.Google Scholar
R. Agrawal, A. Evfimievski, and R. Srikant. Information sharing across private databases. In ACM SIGMOD '03, pages 86--97. ACM Press. Google ScholarDigital Library
A. Bose and K. G. Shin. On mobile viruses exploiting messaging and bluetooth services. In SecureComm 06.Google Scholar
D. Dagon, T. Martin, and T. Starner. Mobile phones as computing devices: The viruses are coming! IEEE Pervasive Computing, 2004. Google ScholarDigital Library
W. Enck, P. Traynor, P. McDaniel, and T. L. Porta. Exploiting open functionality in sms-capable cellular networks. In ACM CCS '05. Google ScholarDigital Library
C. Guo, H. J. Wang, and W. Zhu. Smart-phone attacks and defenses. In HotNets III, 2004.Google Scholar
H. Kim and B. Karp. Autograph: Toward automated, distributed worm signature detection. In Usenix Security Symposium, CA, 2004. Google ScholarDigital Library
C. Kreibich and J. Crowcroft. Honeycomb-creating intrusion detection signatures using honeypots. In HotNets II, Boston, November 2003.Google Scholar
J. W. Mickens and B. D. Noble. Modeling epidemic spreading in mobile environments. In ACM WiSe '05. Google ScholarDigital Library
S. Pohlig and M. Hellman. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Transactions on Information Theory, IT-24:106-110, 1978.Google ScholarDigital Library
R. Racic, D. Ma, and H. Chen. Exploiting mms vulnerabilities to stealthily exhaust mobile phone's battery. In SecureComm 06.Google Scholar
J. Su, K. K. W. Chan, A. G. Miklas, K. Po, A. Akhavan, S. Saroiu, E. de Lara, and A. Goel. A preliminary investigation of worm infections in a bluetooth environment. In WORM '06. Google ScholarDigital Library
G. V. Sumeet Singh, Cristian Estan and S. Savage. Automated worm fingerprinting. In OSDI '04, 2004. Google ScholarDigital Library
D. Tang and M. Baker. Analysis of a metropolitan-area wireless network. Wirel. Netw., 2002. Google ScholarDigital Library
P. Traynor, W. Enck, P. McDaniel, and T. L. Porta. Mitigating attacks on open functionality in sms-capable cellular networks. In ACM MobiCom '06. Google ScholarDigital Library
C. C. Zou, W. Gong, D. Towsley, and L. Gao. The monitoring and early detection of internet worms. IEEE/ACM Trans. Netw., 2005. Google ScholarDigital Library

Index Terms

SmartSiren: virus detection and alert for smartphones
1. Security and privacy
  1. Network security

Recommendations

Anti-Hijack

According to studies, Android is having the highest market share in smartphone operating systems. The number of Android apps (i.e. applications) are increasing day by day. Consequent threats and attacks on Android are also rising. There are a large ...
Read More
Intelligent virus detection on mobile devices
PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services

In this paper, we describe a new solution for detecting mobile phone viruses. The solution is based on Bayesian decision theory using heuristic rules derived from common functionalities among different virus samples. Specifically, we detect viruses ...
Read More
Metamorphic virus variants classification using opcode frequency histogram
ICCOMP'10: Proceedings of the 14th WSEAS international conference on Computers: part of the 14th WSEAS CSCC multiconference - Volume I

In order to prevent detection and evade signature-based scanning methods, which are normally exploited by antivirus softwares, metamorphic viruses use several various obfuscation approaches. They transform their code in new instances as look entirely or ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and services
June 2007
310 pages
ISBN:9781595936141
DOI:10.1145/1247660
General Chair:
Edward W. Knightly
Rice University
,
Program Chairs:
Gaetano Borriello
University of Washington
,
Ramón Cáceres
IBM T.J. Watson Research Center
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 June 2007
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
alert
privacy
security
smartphone
virus detection
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate274of1,679submissions,16%
Upcoming Conference
MOBISYS '24

Sponsor:

sigmobile

The 22nd Annual International Conference on Mobile Systems, Applications and Services

June 3 - 7, 2024

Minato-ku, Tokyo , Japan
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 138
  Total Citations
  View Citations
- 2,288
  Total Downloads
- Downloads (Last 12 months)25
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

SmartSiren: virus detection and alert for smartphones

MobiSys '07: Proceedings of the 5th international conference on Mobile systems, applications and services

ABSTRACT

References

Cited By

Index Terms

Recommendations

Anti-Hijack

Intelligent virus detection on mobile devices

Metamorphic virus variants classification using opcode frequency histogram