Issue No.07 - July (2011 vol.10)
pp: 968-981
Hahnsang Kim, University of Michigan, Ann Arbor
Kang G. Shin, University of Michigan, Ann Arbor
Padmanabhan Pillai, Intel Research Lab, Pittsburgh
ABSTRACT
It is of great importance to protect rapidly-spreading and widely-used small mobile devices like smartphones and PocketPCs from energy-depletion attacks by monitoring software (processes) and hardware (especially, battery) resources. The ability to use these devices for on- and/or off-job functions, and even for medical emergencies or disaster recovery is often dictated by their limited battery capacity. However, traditional malware detection systems and antivirus solutions based on matching signatures are limited to detection of only known malware, and hence, cannot deal with battery-depletion attacks. To meet this challenge, we propose to develop, implement, and evaluate a comprehensive framework, called MODELZ, that MOnitors, DEtects, and anaLyZes energy-greedy anomalies on small mobile devices. MODELZ comprises 1) a charge flow meter that allows infrequent sampling of energy consumption without losing accuracy, 2) a power monitor, in coordination with the charge flow meter, that samples and builds a power-consumption history, and 3) a data analyzer that generates a power signature from the power-consumption history. To generate a power signature, we devise and apply light-weighted, effective noise filtering and data compression, reducing the detection overhead significantly. The similarities between power signatures are measured by the $\chi^2$-distance and used to lower both false-positive and false-negative detection rates. Our experimental results on an HP iPAQ running the Windows Mobile OS have shown that MODELZ achieves significant (up to 95 percent) storage-savings without losing detection accuracy, and a 99 percent true-positive rate in differentiating legitimate programs from suspicious ones while the monitoring consumes 50 percent less energy than the case of keeping the Bluetooth radio turned on.
INDEX TERMS
Power-consumption history, charge flow meter, power signature, $\chi^2$-distance, moving average filtering.
CITATION
Hahnsang Kim, Kang G. Shin, Padmanabhan Pillai, "MODELZ: Monitoring, Detection, and Analysis of Energy-Greedy Anomalies in Mobile Handsets", IEEE Transactions on Mobile Computing, vol. 10, no. 7, pp. 968-981, July 2011, doi:10.1109/TMC.2010.245