A Malware Signature Extraction and Detection Method Applied to Mobile Networks

Author

Hu, Guoning ; Venugopal, Deepak

Author_Institution

SMobile Syst., Columbus, OH

fYear

2007

fDate

11-13 April 2007

Firstpage

19

Lastpage

26

Abstract

The rapid development of mobile phone networks has facilitated the need for better protection against malware. Malware detection is a core component of a security system protecting mobile networks. In this paper, we describe a system for detecting malware within the network traffic using malware signatures. Our system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, we reduce the number of signatures by using a common signature for a malware and its variants. In addition, we minimize the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses show that our system detects existing malware and their new variants within the network traffic efficiently.

Keywords

mobile communication; telecommunication security; telecommunication traffic; Symbian viruses; detection method; hash table; malware signature extraction; mobile network traffic; mobile phone networks; network traffic; security system; sub-signature matching; Communication system security; Computer viruses; Hardware; Information security; Mobile communication; Mobile handsets; Personal communication networks; Protection; Streaming media; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE Internationa

Conference_Location

New Orleans, LA

ISSN

1097-2641

Print_ISBN

1-4244-1138-6

Electronic_ISBN

1097-2641

Type

conf

DOI

10.1109/PCCC.2007.358875

Filename

4197910