The ESTEREL synchronous programming language: design, semantics, implementation
Science of Computer Programming
The nature of statistical learning theory
The nature of statistical learning theory
Making large-scale support vector machine learning practical
Advances in kernel methods
An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond
Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A behavioral approach to worm detection
Proceedings of the 2004 ACM workshop on Rapid malcode
ACM Transactions on Computer Systems (TOCS)
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Modeling epidemic spreading in mobile environments
Proceedings of the 4th ACM workshop on Wireless security
Exploiting open functionality in SMS-capable cellular networks
Proceedings of the 12th ACM conference on Computer and communications security
The monitoring and early detection of internet worms
IEEE/ACM Transactions on Networking (TON)
NetSpy: Automatic Generation of Spyware Signatures for NIDS
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Bluetooth Worms: Models, Dynamics, and Defense Implications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Bluetooth worm propagation: mobility pattern matters!
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
SmartSiren: virus detection and alert for smartphones
Proceedings of the 5th international conference on Mobile systems, applications and services
Behavior-based spyware detection
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Can you infect me now?: malware propagation in mobile phone networks
Proceedings of the 2007 ACM workshop on Recurring malcode
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
Fine-grained I/O access control of the mobile devices based on the Xen architecture
Proceedings of the 15th annual international conference on Mobile computing and networking
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
VirusMeter: Preventing Your Cellphone from Spies
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
pBMDS: a behavior-based malware detection system for cellphone devices
Proceedings of the third ACM conference on Wireless network security
Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method
Journal of Systems and Software
Static analysis of executables for collaborative malware detection on android
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia
Fine-grained power modeling for smartphones using system call tracing
Proceedings of the sixth conference on Computer systems
Security versus energy tradeoffs in host-based mobile malware detection
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
A specification based intrusion detection framework for mobile phones
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Power fingerprinting in SDR integrity assessment for security and regulatory compliance
Analog Integrated Circuits and Signal Processing
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Automated remote repair for mobile malware
Proceedings of the 27th Annual Computer Security Applications Conference
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
Runtime verification meets android security
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis
Proceedings of the 10th international conference on Mobile systems, applications, and services
Modular anomaly detection for smartphone ad hoc communication
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Randomizing smartphone malware profiles against statistical mining techniques
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
PScout: analyzing the Android permission specification
Proceedings of the 2012 ACM conference on Computer and communications security
Detecting money-stealing apps in alternative Android markets
Proceedings of the 2012 ACM conference on Computer and communications security
What you see predicts what you get—lightweight agent-based malware detection
Security and Communication Networks
Cloud-enabled privacy-preserving collaborative learning for mobile sensing
Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems
MAST: triage for market-scale mobile malware analysis
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
ADAM: an automatic and extensible platform to stress test android anti-virus systems
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Vetting undesirable behaviors in android apps with permission use analysis
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
The permission-based malicious behaviors monitoring model for the android OS
ICCSA'13 Proceedings of the 13th international conference on Computational Science and Its Applications - Volume 1
Efficient location aware intrusion detection to protect mobile devices
Personal and Ubiquitous Computing
WebCallerID: Leveraging cellular networks for Web authentication
Journal of Computer Security
| Hi-index | 0.00 |
A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an application's actions over time often reveals the malicious intent even when each action alone may appear harmless. Then, we generate a database of malicious behavior signatures by studying more than 25 distinct families of mobile viruses and worms targeting the Symbian OS - the most widely-deployed handset OS - and their variants. Next, we propose a two-stage mapping technique that constructs these signatures at run-time from the monitored system events and API calls in Symbian OS. We discriminate the malicious behavior of malware from the normal behavior of applications by training a classifier based on Support Vector Machines (SVMs). Our evaluation on both simulated and real-world malware samples indicates that behavioral detection can identify current mobile viruses and worms with more than 96% accuracy. We also find that the time and resource overheads of constructing the behavior signatures from low-level API calls are acceptably low for their deployment in mobile devices.