What you see predicts what you get—lightweight agent-based malware detection
Article first published online: 18 APR 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 1, pages 33–48, January 2013
How to Cite
Wang, W., Murynets, I., Bickford, J., Wart, C. V. and Xu, G. (2013), What you see predicts what you get—lightweight agent-based malware detection. Security Comm. Networks, 6: 33–48. doi: 10.1002/sec.528
- Issue published online: 26 DEC 2012
Keywords: malware detection; malware propagation; mobile malware; latent space model
Because of the always-connected nature of mobile devices, as well as the unique interfaces they expose, such as short message service (SMS), multimedia messaging service (MMS), and Bluetooth, classes of mobile malware tend to propagate using means unseen in the desktop world. In this paper, we propose a lightweight malware detection system on mobile devices to detect, analyze, and predict malware propagating via SMS and MMS messages. We deploy agents in the form of hidden contacts on the device to capture messages sent from malicious applications. Once captured, messages can be further analyzed to identify a message signature as well as potentially a signature for the malicious application itself. By feeding the observed messages over time to a latent space model, the system can estimate the current dynamics and predict the future state of malware propagation within the mobility network. One distinct feature of our system is that it is lightweight and suitable for wide deployment. The system performs well even when only 10% of mobile devices are equipped with three agents on each device. Moreover, the model is generic and independent of malware propagation schemes. We prototype the system on the Android platform in a universal mobile telecommunications system laboratory network to demonstrate the feasibility of deploying agents on mobile devices as well as collecting and blocking malware-carrying messages within the mobility network. We also show that the proposed latent space model estimates the state of malware propagation accurately, regardless of the propagation scheme.