Computing environments on cellphones, especially smartphones, are becoming more open and general-purpose, and thus they also become attractive targets of malware. Cellphone malware not only causes privacy leakage, extra charges, and depletion of battery power, but also generates malicious traffic and drains mobile network and service capacity. In this work we devise a novel behavior-based malware detection system named pBMDS, which adopts a probabilistic approach, correlating user inputs with system calls to detect anomalous activities in cellphones. pBMDS observes the unique behaviors of mobile phone applications and their users on input- and output-constrained devices, and leverages a Hidden Markov Model (HMM) to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built on these, pBMDS identifies behavioral differences between malware and human users. Through extensive experiments on major smartphone platforms, we show that pBMDS can be easily deployed to existing smartphone hardware and that it achieves high detection accuracy and low false positive rates in protecting major applications in smartphones.