Curbing mobile malware based on user-transparent hand movements

In this paper, we present a run-time malware defense that checks for the presence or absence of certain transparent human gestures that users naturally exhibit before accessing a desired resource. Specifically, we focus on the use of transparent gestures to prevent the misuse of three critical smartphone capabilities: the phone calling service, the camera resource and the NFC reading functionality. We show how the underlying natural hand movement gestures associated with the three services (calling, snapping and tapping) can be detected in a robust manner using multiple sensors (motion, position and ambient) and machine learning classifiers. To demonstrate the effectiveness of our approach, we collect data from multiple phone models and multiple users in real-life or near real-life scenarios emulating both benign settings and adversarial scenarios. Our results show that the three gestures can be detected with a high overall accuracy, and can be distinguished from one another and from other activities (benign or malicious), serving as a viable malware defense. In the future, we believe that transparent gestures associated with other smartphone services, such as sending SMS or email, can also be integrated with our system.
