4GMOP: Mopping Malware Initiated SMS Traffic in Mobile Networks

  • Marián Kühnel
  • Ulrike Meyer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


Smartphones have become the most popular mobile devices. Due to their simplicity, portability and functionality comparable to recent computers, users tend to store more and more sensitive information on mobile devices, rendering them an attractive target for malware writers. As a consequence, the mobile malware population doubles every single year. Many approaches to detect mobile malware infections directly on mobile devices have been proposed. Detecting and blocking voice and SMS messages related to mobile malware in a mobile operator’s network has, however, gained little attention so far. The 4GMOP proposed in this paper aims at closing this gap.



Part of this work was funded by the German Federal Ministry of Education and Research under the references 01BY1010 - 01BY1015. The authors would like to thank Dominik Teubert for comments on ZertSecurity and the anonymous reviewers for their valuable suggestions and feedback.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. CS Department, RWTH Aachen University, Aachen, Germany
