Propagation, detection and containment of mobile malware

Authors: Kang G. Shin, Abhijit Bose

Abstract: Today's enterprise systems and networks are frequent targets of malicious attacks, such as worms, viruses, spyware and intrusions that can disrupt, or even disable critical services. Recent trends suggest that by combining a spyware payload with a worm's delivery mechanism, malicious programs can potentially be used for industrial espionage and identity theft. The problem is compounded further by the increasing convergence of wired, wireless and cellular networks, since virus writers can now write malware that can crossover from one network segment to another, exploiting services and vulnerabilities specific to each network. This dissertation makes four primary contributions. First, it builds more accurate propagation models for emerging hybrid malware (i.e., malware that use multiple propagation vectors such as Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing key factors such as heterogeneity of nodes, services and user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of hosts against such malicious agents in an enterprise setting. The majority of today's anti-virus solutions are reactive, i.e., these are activated only after malicious activity has been detected at a node in the network. In contrast, proactive containment has the potential of closing vulnerable services ahead of infection, thereby halting the spread of malware. Third, we study (1) current-generation mobile viruses and worms that target SMS/MMS messaging and Bluetooth on handsets, and the corresponding exploits, and (2) their impact on a large SMS provider network using real-life data. Finally, we propose a new behavioral approach for detecting malware targeting mobile handsets. Our approach is based on the concept of generalized behavioral patterns instead of traditional signature-based detection. Signature-based methods are not scalable for deployment on mobile devices due to the limited resources available on typical handsets. Further, we demonstrate that the behavioral approach not only has a compact footprint, but can also detect new classes of malware that combine some features existing
