TY - GEN
T1 - PBMDS
T2 - 3rd ACM Conference on Wireless Network Security, WiSec'10
AU - Xie, Liang
AU - Zhang, Xinwen
AU - Seifert, Jean Pierre
AU - Zhu, Sencun
PY - 2010
Y1 - 2010
N2 - Computing environments on cellphones, especially smartphones, are becoming more open and general-purpose, thus they also become attractive targets of malware. Cellphone malware not only causes privacy leakage, extra charges, and depletion of battery power, but also generates malicious traffic and drains down mobile network and service capacity. In this work we devise a novel behavior-based malware detection system named pBMDS, which adopts a probabilistic approach through correlating user inputs with system calls to detect anomalous activities in cellphones. pBMDS observes unique behaviors of the mobile phone applications and the operating users on input and output constrained devices, and leverages a Hidden Markov Model (HMM) to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built on these, pBMDS identifies behavioral differences between malware and human users. Through extensive experiments on major smartphone platforms, we show that pBMDS can be easily deployed to existing smartphone hardware and it achieves high detection accuracy and low false positive rates in protecting major applications in smartphones.
AB - Computing environments on cellphones, especially smartphones, are becoming more open and general-purpose, thus they also become attractive targets of malware. Cellphone malware not only causes privacy leakage, extra charges, and depletion of battery power, but also generates malicious traffic and drains down mobile network and service capacity. In this work we devise a novel behavior-based malware detection system named pBMDS, which adopts a probabilistic approach through correlating user inputs with system calls to detect anomalous activities in cellphones. pBMDS observes unique behaviors of the mobile phone applications and the operating users on input and output constrained devices, and leverages a Hidden Markov Model (HMM) to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built on these, pBMDS identifies behavioral differences between malware and human users. Through extensive experiments on major smartphone platforms, we show that pBMDS can be easily deployed to existing smartphone hardware and it achieves high detection accuracy and low false positive rates in protecting major applications in smartphones.
UR - http://www.scopus.com/inward/record.url?scp=77952331717&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77952331717&partnerID=8YFLogxK
U2 - 10.1145/1741866.1741874
DO - 10.1145/1741866.1741874
M3 - Conference contribution
AN - SCOPUS:77952331717
SN - 9781605589237
T3 - WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security
SP - 37
EP - 48
BT - WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security
Y2 - 22 March 2010 through 24 March 2010
ER -