Designing System-Level Defenses against Cellphone Malware

Cellphones are increasingly attractive targets for malware, which not only causes privacy leakage, extra charges, and battery depletion, but also introduces malicious traffic into networks. In this work, we seek system-level solutions to handle these security threats. Specifically, we propose a mandatory access control–based defense to block malware that launches attacks by creating new processes for execution. To combat more elaborate malware that redirects the program flow of normal applications to execute malicious code within a legitimate security domain, we further propose using artificial intelligence (AI) techniques such as the Graphic Turing test. Through extensive experiments on both Symbian and Linux smartphones, we show that both of our system-level countermeasures effectively detect and block cellphone malware with low false positives and can be easily deployed on existing smartphone hardware.
