Conference Paper

Intelligent virus detection on mobile devices.

DOI: 10.1145/1501434.1501511
Conference: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, PST 2006, Markham, Ontario, Canada, October 30 - November 1, 2006
Source: DBLP


In this paper, we describe a new solution for detecting mobile phone viruses. The solution is based on Bayesian decision theory using heuristic rules derived from common functionalities among different virus samples. Specifically, we detect viruses according to the DLL usage of a program, which is directly linked to the functionality of this program. Our solution is able to detect unknown viruses, especially the variants of existing ones. We evaluate our solution on the Symbian platform, where most viruses are present in the wild. We constructed a virus detector based on DLL functions from a small set of virus samples. It detects 95% of mobile viruses and yields no false alarm.


Available from: Nicoleta Roman, Aug 11, 2014
  • Source
    • "Therefore, the imported DLL functions were used as features for virus detection. They considered their method is computationally efficient since the DLL functions are easy to be extracted from the executable files [11]. Carsten Willems et-al developed CWSandbox [12], which is a malware analysis tool that employ dynamic malware analysis, API hooking and dynamic linked library (DLL) injection techniques to implement the necessary rootkit functionality to avoid detection by the malware. "
    ABSTRACT: Nowadays, mobile handsets combine the functionality of mobile phones and PDAs. Unfortunately, mobile handsets development process has been driven by market demand, focusing on new features and neglecting security. So, it is imperative to study the existing challenges that facing the mobile handsets threat containment process, and the different techniques and methodologies that used to face those challenges and contain the mobile handsets malwares. This paper also presents a new approach to group the different malware containment systems according to their typologies.
    Full-text · Article · Apr 2012 · International Journal of Advanced Computer Science and Applications
  • Source
    • "Also, observing function API calls means running the application – virtually or actually –, that is not effective, as mentioned before. D. Venugopal et al (D. Venugopal et al., 2006) proposed an algorithm to monitor each DLL function that a process attempts to load. This information is then compared against lists of authorized and unauthorized functions. "
    ABSTRACT: The malware threat for mobile phones is expected to increase with the great functionality enhancement of mobile phones. Despite the nowadays malware high abilities, there are a lot of challenges that facing the mobile threat containment process. From this perspective, this work introduces a novel effective solution for discovering handset malwares threats. The work proposed a new behavior based technique for mobile application analysis, which is based on exploiting the application DLL usages, in order to extract values that can be used in a malware detection process. The technique is highly expected to be able to detect zero day viruses that have the similar functionalities as existing ones. Also, since these DLL functions are easy to be extracted from the executable files, the approach is computationally efficient.
    Preview · Article · Feb 2012 · Computer and Information Science
  • Source
    • "Similarly, Venugopal et al. [34] described a virus detection system for the Symbian platform which monitors the DLL functions used by applications. By using Bayesian decision theory and past virus samples, they try to check the behavior of applications to find matches with malicious activity. "
    ABSTRACT: Cellphones are increasingly becoming attractive targets of various malware, which not only cause privacy leakage, extra charges, and depletion of battery power, but also introduce malicious traffic into networks. In this work, we seek system-level solutions to handle these security threats. Specifically, we propose a mandatory access control-based defense to blocking malware that launch attacks through creating new processes for execution. To combat more elaborated malware which redirect program flows of normal applications to execute malicious code within a legitimate security domain, we further propose using artificial intelligence (AI) techniques such as Graphic Turing test. Through extensive experiments based on both Symbian and Linux smartphones, we show that both our system-level countermeasures effectively detect and block cellphone malware with low false positives, and can be easily deployed on existing smartphone hardware.
    Preview · Conference Paper · Jan 2009