Issue No. 01, Jan. 2014 (vol. 25)
pp. 53-63
Wei Peng , Indiana University-Purdue University Indianapolis, Indianapolis
Feng Li , Indiana University-Purdue University Indianapolis, Indianapolis
Xukai Zou , Indiana University-Purdue University Indianapolis, Indianapolis
Jie Wu , Temple University, Philadelphia
ABSTRACT
The delay-tolerant-network (DTN) model is becoming a viable communication alternative to the traditional infrastructural model for modern mobile consumer electronics equipped with short-range communication technologies such as Bluetooth, NFC, and Wi-Fi Direct. Proximity malware is a class of malware that exploits the opportunistic contacts and distributed nature of DTNs for propagation. Behavioral characterization of malware is an effective alternative to pattern matching in detecting malware, especially when dealing with polymorphic or obfuscated malware. In this paper, we first propose a general behavioral characterization of proximity malware based on a naive Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spam and detecting botnets. We identify two unique challenges for extending Bayesian malware detection to DTNs ("insufficient evidence versus evidence collection risk" and "filtering false evidence sequentially and distributedly"), and propose a simple yet effective method, look ahead, to address the challenges. Furthermore, we propose two extensions to look ahead, dogmatic filtering and adaptive look ahead, to address the challenge of "malicious nodes sharing false evidence." Real mobile network traces are used to verify the effectiveness of the proposed methods.
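The abstract describes three mechanisms in one sentence each: naive Bayesian accumulation of behavioral evidence about a peer, a look-ahead step that trades the risk of one more contact against the value of the evidence it yields, and a dogmatic filter that discards shared evidence inconsistent with a node's own view. The Python below is an added illustration of those ideas and is not the authors' code, nor their exact look-ahead or dogmatic-filtering rules. Everything numeric and every rule is an assumption of this example: the per-contact likelihoods P_SUSP_MAL and P_SUSP_BEN, the prior PRIOR_MAL, the costs C_INFECT and C_CUT, the one-step value-of-information rule in decide(), the same-side acceptance rule in dogmatic_merge(), and the constructed contact log CONTACTS.

```python
"""Added illustration of Bayesian evidence accumulation for proximity-malware
suspicion, with a one-step look-ahead and a dogmatic filter for shared
evidence. Not the paper's code: all constants, rules and sample data below
are constructed assumptions for this example."""
from __future__ import annotations

# Assumed likelihood model: chance that a single contact with a peer shows
# suspicious behaviour, given that the peer is infected / clean.
P_SUSP_MAL = 0.7
P_SUSP_BEN = 0.1
PRIOR_MAL = 0.05   # assumed prior that an arbitrary peer is infected
C_INFECT = 1.0     # assumed cost of one more contact with an infected peer
C_CUT = 0.2        # assumed cost of cutting off a peer that is actually clean


def posterior(k: int, n: int, prior: float = PRIOR_MAL) -> float:
    """P(infected | k of n contacts looked suspicious) under naive Bayes:
    each contact is treated as an independent Bernoulli observation."""
    like_mal = P_SUSP_MAL ** k * (1 - P_SUSP_MAL) ** (n - k)
    like_ben = P_SUSP_BEN ** k * (1 - P_SUSP_BEN) ** (n - k)
    num = prior * like_mal
    return num / (num + (1 - prior) * like_ben)


def _bayes_action(p: float) -> str:
    """Minimum-expected-cost action given posterior p."""
    return "cut" if p * C_INFECT > (1 - p) * C_CUT else "keep"


def decide(k: int, n: int) -> str:
    """Return 'cut' (stop contacting), 'keep' (treat as clean) or 'collect'
    (one more contact is worth its risk because its outcome could flip the
    decision). This one-step value-of-information rule is an assumption of
    the example, not the paper's definition of look ahead."""
    now = _bayes_action(posterior(k, n))
    if_susp = _bayes_action(posterior(k + 1, n + 1))   # next contact suspicious
    if_clean = _bayes_action(posterior(k, n + 1))      # next contact clean
    if if_susp == if_clean:          # next observation cannot change our mind
        return now
    return "collect"


def dogmatic_merge(own: tuple[int, int], shared: tuple[int, int],
                   boundary: float = 0.5) -> tuple[tuple[int, int], bool]:
    """Merge a peer's evidence (k, n) about a target into our own (k, n) only
    if, judged alone, it falls on the same side of `boundary` as our local
    posterior. Assumed simplification of dogmatic filtering: it rejects a
    framing peer's false evidence, at the price of also dropping honest
    evidence that disagrees with us. With no local evidence, the prior is
    our opinion, so only evidence consistent with the prior gets in."""
    ok, on = own
    sk, sn = shared
    if (posterior(ok, on) >= boundary) != (posterior(sk, sn) >= boundary):
        return own, False
    return (ok + sk, on + sn), True


# Constructed contact log for one node: (peer, contact looked suspicious?).
CONTACTS = [("B", False), ("C", True), ("B", False), ("C", True),
            ("B", False), ("C", True), ("C", False), ("B", True), ("B", False)]


def run_contacts(contacts) -> dict[str, tuple[int, int, str]]:
    """Replay a contact log and return {peer: (k, n, decision)}. Once a peer
    is cut, later contacts with it are refused, so they yield neither
    evidence nor exposure."""
    evidence: dict[str, tuple[int, int]] = {}
    cut: set[str] = set()
    for peer, susp in contacts:
        if peer in cut:
            continue
        k, n = evidence.get(peer, (0, 0))
        k, n = k + int(susp), n + 1
        evidence[peer] = (k, n)
        if decide(k, n) == "cut":
            cut.add(peer)
    return {p: (k, n, decide(k, n)) for p, (k, n) in evidence.items()}


if __name__ == "__main__":
    for peer, (k, n, action) in run_contacts(CONTACTS).items():
        print(f"{peer}: {k}/{n} suspicious, posterior={posterior(k, n):.3f}, {action}")
    # A peer claims 4/4 suspicious contacts with B while we hold 2/3 for B.
    print(dogmatic_merge((2, 3), (4, 4)), dogmatic_merge((2, 3), (0, 3)))
```

Under these assumptions peer C is cut after two suspicious contacts, while a single suspicious contact yields "collect": the posterior alone would already favour cutting, but one more clean observation would reverse that, so the contact risk buys useful evidence. The dogmatic filter rejects the 4/4 claim against the node's own ambiguous 2/3 view and accepts a 0/3 report, which is exactly the trade-off the abstract's "malicious nodes sharing false evidence" challenge is about.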
INDEX TERMS
Malware, Mathematical model, Equations, Aging, Bayesian methods, Bluetooth, Silicon, Bayesian filtering, Delay-tolerant networks, proximity malware, behavioral malware characterization
CITATION
Wei Peng, Feng Li, Xukai Zou, Jie Wu, "Behavioral Malware Detection in Delay Tolerant Networks", IEEE Transactions on Parallel & Distributed Systems, vol.25, no. 1, pp. 53-63, Jan. 2014, doi:10.1109/TPDS.2013.27