VirusMeter: Preventing Your Cellphone from Spies

  • Lei Liu
  • Guanhua Yan
  • Xinwen Zhang
  • Songqing Chen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5758)


Due to the rapid advancement of mobile communication technology, mobile devices nowadays can support a variety of data services that are not traditionally available. With the growing popularity of mobile devices in the last few years, attacks targeting them are also surging. Existing mobile malware detection techniques, which are often borrowed from solutions to Internet malware detection, do not perform as effectively due to the limited computing resources on mobile devices.

In this paper, we propose VirusMeter, a novel and general malware detection method, to detect anomalous behaviors on mobile devices. The rationale underlying VirusMeter is the fact that mobile devices are usually battery powered and any malicious activity would inevitably consume some battery power. By monitoring power consumption on a mobile device, VirusMeter catches misbehaviors that lead to abnormal power consumption. For this purpose, VirusMeter relies on a concise user-centric power model that characterizes power consumption of common user behaviors. In a real-time mode, VirusMeter can perform fast malware detection with trivial runtime overhead. When the battery is charging (referred to as a battery-charging mode), VirusMeter applies more sophisticated machine learning techniques to further improve the detection accuracy. To demonstrate its feasibility and effectiveness, we have implemented a VirusMeter prototype on Nokia 5500 Sport and used it to evaluate some real cellphone malware, including FlexiSPY and Cabir. Our experimental results show that VirusMeter can effectively detect these malware activities with less than 1.5% additional power consumption in real time.


mobile malware mobile device security anomaly detection power consumption 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
  7. 7.
  8. 8.
  9. 9.
    Sprots fans in helsinki falling prey to cabir,
  10. 10.
    Bose, A., Hu, X., Shin, K., Park, T.: Behavioral detection of malware on mobile handsets. In: Proceedings of Mobisys, Breckenridge, CO (June 2008)Google Scholar
  11. 11.
    Bose, A., Shin, K.: On mobile virus exploiting messaging and bluetooth services. In: Proceedings of Securecomm (2006)Google Scholar
  12. 12.
    Bose, A., Shin, K.: Proactive security for mobile messaging networks. In: Proceedings of WiSe (2006)Google Scholar
  13. 13.
    Cheng, J., Wong, S., Yang, H., Lu, S.: Smartsiren: Virus detection and alert for smartphones. In: Proceedings of ACM MobiSys, San Juan, Puerto Rico (2007)Google Scholar
  14. 14.
    Chiasserini, C., Rao, R.: Pulsed battery discharge in communication devices. In: Proceedings of MobiComm, Seattle, WA (August 1999)Google Scholar
  15. 15.
    Dagon, D., Martin, T., Starner, T.: Mobile phones as computing devices: The viruses are coming! IEEE Pervasive Computing (2004)Google Scholar
  16. 16.
    Enck, W., Traynor, P., McDaniel, P., Porta, T.: Exploiting open functionality in sms-capable cellular networks. In: Proceedings of CCS 2005 (November 2005)Google Scholar
  17. 17.
    Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G., Mehes, A.: Can you infect me now? malware propagation in mobile phone networks. In: Proceedings of WORMS, Alexandria, VA (November 2007)Google Scholar
  18. 18.
    Fuller, T., Doyle, M., Newman, J.: Simulation and optimization of the dual lithium ion insertion cell. Journal of Electrochem. Soc. 141 (April 1994)Google Scholar
  19. 19.
    Guo, C., Wang, H., Zhu, W.: Smart-phone attacks and defenses. In: Proceedings of HotNets III, San Diego, CA (November 2004)Google Scholar
  20. 20.
    Hu, G., Venugopal, D.: A malware signature extraction and detection method applied to mobile networks. In: Proceedings of IPCCC (April 2007)Google Scholar
  21. 21.
  22. 22.
    Kim, H., Smith, J., Shin, K.: Detecting energy-greedy anomalies and mobile malware variants. In: Proceedings of Mobisys, Breckenridge, CO (June 2008)Google Scholar
  23. 23.
    Mickens, J., Noble, B.: Modeling epidemic spreading in mobile networks. In: Proceedings of ACM WiSe (2005)Google Scholar
  24. 24.
    Mulliner, C., Vigna, G., Dagon, D., Lee, W.: Using labeling to prevent cross-service attacks against smart phones. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 91–108. Springer, Heidelberg (2006)Google Scholar
  25. 25.
    Park, S., Savvides, A., Srivastava, M.: Battery capacity measurement and analysis using lithium coin cell battery. In: Proceedings of ISLPED (August 2001)Google Scholar
  26. 26.
    Racic, R., Ma, D., Chen, H.: Exploiting mms vulnerabilities to stealthily exhaust mobile phone’s battery. In: Proceedings of SecureComm 2006 (August 2006)Google Scholar
  27. 27.
    Sarat, S., Terzis, A.: On the detection and origin identification of mobile worms. In: Proceedings of WORMS, Alexandria, VA (November 2007)Google Scholar
  28. 28.
    Simunic, T., Benini, L., Micheli, G.: Energy-efficient design of battery-powered embedded systems. In: Proceedings of ISLPED (August 1999)Google Scholar
  29. 29.
    Su, J., Chan, K., Miklas, A., Po, K., Akhavan, A., Saroiu, S., Lara, E., Goel, A.: A preliminary investigation of worm infections in a bluetooth environment. In: Proceedings of WORM (2006)Google Scholar
  30. 30.
    Traynor, P., Enck, W., McDaniel, P., Porta, T.: Mitigating attacks on open functionality in sms-capable cellular networks. In: Proceedings of Mobicom 2006 (2006)Google Scholar
  31. 31.
    Venugopal, D., Hu, G., Roman, N.: Intelligent virus detection on mobile devices. In: Proceedings of ACM PST, Markham, Ontario, Canada (October 2006)Google Scholar
  32. 32.
    Yan, G., Eidenbenz, S.: Modeling propagation dynamics of bluetooth worms. In: Proceedings of ICDCS 2007 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Lei Liu
    • 1
  • Guanhua Yan
    • 2
  • Xinwen Zhang
    • 3
  • Songqing Chen
    • 1
  1. 1.Department of Computer ScienceGeorge Mason UniversityUSA
  2. 2.Information Sciences Group (CCS-3)Los Alamos National LaboratoryUSA
  3. 3.Computer Science LabSamsung Information Systems AmericaUSA

Personalised recommendations