PBMDS

A behavior-based malware detection system for cellphone devices

Liang Xie, Xinwen Zhang, Jean Pierre Seifert, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

84 Citations (Scopus)

Abstract

Computing environments on cellphones, especially smartphones, are becoming more open and general-purpose, thus they also become attractive targets of malware. Cellphone malware not only causes privacy leakage, extra charges, and depletion of battery power, but also generates malicious traffic and drains down mobile network and service capacity. In this work we devise a novel behavior-based malware detection system named pBMDS, which adopts a probabilistic approach through correlating user inputs with system calls to detect anomalous activities in cellphones. pBMDS observes unique behaviors of the mobile phone applications and the operating users on input and output constrained devices, and leverages a Hidden Markov Model (HMM) to learn application and user behaviors from two major aspects: process state transitions and user operational patterns. Built on these, pBMDS identifies behavioral differences between malware and human users. Through extensive experiments on major smartphone platforms, we show that pBMDS can be easily deployed to existing smartphone hardware and it achieves high detection accuracy and low false positive rates in protecting major applications in smartphones.

Original language: English (US)
Title of host publication: WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security
Pages: 37-48
Number of pages: 12
DOI: https://doi.org/10.1145/1741866.1741874
State: Published - May 21 2010
Event: 3rd ACM Conference on Wireless Network Security, WiSec'10 - Hoboken, NJ, United States
Duration: Mar 22 2010 to Mar 24 2010

Publication series

Name: WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security

Other

Other: 3rd ACM Conference on Wireless Network Security, WiSec'10
Country: United States
City: Hoboken, NJ
Period: 3/22/10 to 3/24/10

Fingerprint

Smartphones
Hidden Markov models
Mobile phones
Wireless networks
Hardware
Malware
Experiments

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this

Xie, L., Zhang, X., Seifert, J. P., & Zhu, S. (2010). PBMDS: A behavior-based malware detection system for cellphone devices. In WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security (pp. 37-48). (WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security). https://doi.org/10.1145/1741866.1741874
@inproceedings{e635a411f286469bafbbeca2f3d41e33,
title = "PBMDS: A behavior-based malware detection system for cellphone devices",
author = "Liang Xie and Xinwen Zhang and Seifert, {Jean Pierre} and Sencun Zhu",
year = "2010",
month = "5",
day = "21",
doi = "10.1145/1741866.1741874",
language = "English (US)",
isbn = "9781605589237",
series = "WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security",
pages = "37--48",
booktitle = "WiSec'10 - Proceedings of the 3rd ACM Conference on Wireless Network Security",

}
