Analysis of Mobile P2P Malware Detection Framework through Cabir & Commwarrior Families

Mobile Peer-to-Peer (P2P) malware has emerged as one of the major challenges in mobile network security in recent years. Around four hundred mobile viruses, worms, trojans and spyware, together with approximately one thousand of their variants, have been discovered to date. So far, no classification of such mobile P2P security threats exists. There is also no well-known simulation environment that models mobile P2P network characteristics and provides a platform for analysing the propagation of different types of mobile malware. Therefore, our research provides a classification of mobile malware based on the behaviour of a node during infection and develops a platform to analyse malware propagation. It proposes and evaluates a novel behaviour-based approach, using AI, for the detection of various malware families. Unlike existing approaches, our approach focuses on identifying and classifying malware families rather than detecting individual malware and their variants. A detection framework deployed on designated mobile nodes and aided by AI classifiers enables adaptive detection of both currently known and previously unknown mobile malware. Although we have classified around 30% of the existing mobile P2P malware into 13 distinct malware families based on their behaviour during infection, this paper focuses on two, Cabir & Commwarrior, in order to analyse the proposed detection framework.
