With the fast growth of the mobile market, we are now seeing more and more malware on mobile phones. One pattern common to much of the malware found on mobile phones is that the malware attempts to access sensitive system services on the phone in an unobtrusive and stealthy fashion. For example, the malware may send messages automatically, or stealthily interface with the audio peripherals on the device, without the user's awareness or authorization. To detect such unauthorized malicious behavior, we present SBIDF, a Specification Based Intrusion Detection Framework, which uses keypad or touchscreen interrupts to differentiate between malware and human activity. Specifically, in the proposed framework we use an application-independent specification, written in Temporal Logic of Causal Knowledge (TLCK), to describe the normal behavior pattern, and we enforce this specification on all third-party applications on the mobile phone at runtime by monitoring the inter-component communication pattern among critical components. Our evaluation on simulated behavior of real-world malware shows that we are able to detect all forms of malware that attempt to access sensitive services without the user's permission. Furthermore, SBIDF incurs a negligible overhead (20 µs), which makes it very feasible for real-world deployment.
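The core idea of the abstract, a sensitive-service access being "normal" only when it is causally preceded by a user interrupt, can be made concrete with a small event-stream checker. The code below is an added illustration, not code from the paper or from SBIDF; the TLCK specification itself is not reproduced on this page, so the rule encoded here (an access to a sensitive service by an app is permitted only if a keypad/touchscreen interrupt attributed to that app occurred within a fixed time window before it) and the service names, the window length and the per-app attribution of interrupts are all assumptions made for the example. The event stream is constructed inline.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Services whose use the (assumed) specification requires to be causally
# preceded by a user interrupt. Names are invented for this example.
SENSITIVE_SERVICES = {"sms.send", "audio.record", "call.dial"}


@dataclass(frozen=True)
class Event:
    """One observation from the monitor: a user interrupt or an IPC request."""
    t_ms: int                      # timestamp in milliseconds
    kind: str                      # "interrupt" (keypad/touchscreen) or "ipc"
    app: str                       # application the event is attributed to
    service: Optional[str] = None  # target service, only for "ipc" events


@dataclass(frozen=True)
class Alert:
    t_ms: int
    app: str
    service: str
    reason: str


def check_spec(events: Iterable[Event], window_ms: int = 2000) -> List[Alert]:
    """Replay the event stream in timestamp order and report every
    sensitive-service access that violates the assumed specification:

        access(app, s) at time t, with s sensitive, is normal only if
        interrupt(app) happened at some t' with t - window_ms <= t' <= t.

    Accesses to non-sensitive services are ignored.
    """
    last_interrupt: Dict[str, int] = {}   # app -> time of its latest interrupt
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.t_ms):
        if ev.kind == "interrupt":
            last_interrupt[ev.app] = ev.t_ms
        elif ev.kind == "ipc" and ev.service in SENSITIVE_SERVICES:
            t_prev = last_interrupt.get(ev.app)
            if t_prev is None:
                alerts.append(Alert(ev.t_ms, ev.app, ev.service,
                                    "no user interrupt ever observed for this app"))
            elif ev.t_ms - t_prev > window_ms:
                alerts.append(Alert(ev.t_ms, ev.app, ev.service,
                                    f"last user interrupt {ev.t_ms - t_prev} ms ago "
                                    f"exceeds the {window_ms} ms window"))
    return alerts


# Constructed sample stream (not real trace data):
#  - "messenger" sends an SMS 500 ms after a touch: normal.
#  - "freegame" sends an SMS with no interrupt at all: flagged.
#  - "recorder" starts recording 5 s after its last touch: flagged.
#  - "freegame" fetches from the network: not a sensitive service, ignored.
SAMPLE_EVENTS = [
    Event(100, "interrupt", "messenger"),
    Event(600, "ipc", "messenger", "sms.send"),
    Event(5000, "ipc", "freegame", "sms.send"),
    Event(7000, "interrupt", "recorder"),
    Event(12000, "ipc", "recorder", "audio.record"),
    Event(12500, "ipc", "freegame", "net.fetch"),
]


def run_demo() -> List[Alert]:
    """Run the checker over the constructed stream and return its alerts."""
    alerts = check_spec(SAMPLE_EVENTS)
    for a in alerts:
        print(f"[{a.t_ms} ms] {a.app} -> {a.service}: {a.reason}")
    return alerts


if __name__ == "__main__":
    run_demo()
```

The window length is the tuning knob of such a rule: too long and an access that merely happens soon after an unrelated genuine tap passes as normal, too short and slow user flows (a dialog the user reads before the send actually fires) produce false positives. A deployment would also have to decide how interrupts are attributed to an app (here simply by the app field on the event), which is exactly the kind of detail the paper's TLCK specification and its inter-component monitoring are meant to pin down.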