VirusMeter: Preventing Your Cellphone from Spies

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5758)

Abstract

Due to the rapid advancement of mobile communication technology, mobile devices nowadays can support a variety of data services that are not traditionally available. With the growing popularity of mobile devices in the last few years, attacks targeting them are also surging. Existing mobile malware detection techniques, which are often borrowed from solutions to Internet malware detection, do not perform as effectively due to the limited computing resources on mobile devices.

In this paper, we propose VirusMeter, a novel and general malware detection method, to detect anomalous behaviors on mobile devices. The rationale underlying VirusMeter is the fact that mobile devices are usually battery powered and any malicious activity would inevitably consume some battery power. By monitoring power consumption on a mobile device, VirusMeter catches misbehaviors that lead to abnormal power consumption. For this purpose, VirusMeter relies on a concise user-centric power model that characterizes power consumption of common user behaviors. In a real-time mode, VirusMeter can perform fast malware detection with trivial runtime overhead. When the battery is charging (referred to as a battery-charging mode), VirusMeter applies more sophisticated machine learning techniques to further improve the detection accuracy. To demonstrate its feasibility and effectiveness, we have implemented a VirusMeter prototype on Nokia 5500 Sport and used it to evaluate some real cellphone malware, including FlexiSPY and Cabir. Our experimental results show that VirusMeter can effectively detect these malware activities with less than 1.5% additional power consumption in real time.
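The detection idea in the abstract, comparing measured battery drain against what a model of user activity predicts, can be sketched as follows. This is an added example, not code from the paper: the linear least-squares model, the three features, the 3-sigma alert limit and every number are constructed assumptions, since the paper's actual power model is not given on this page.

```python
# Added illustration; features, units and all numbers are constructed assumptions.
from statistics import mean, pstdev

def solve(a, b):
    """Solve a*x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def fit(samples):
    """Least-squares weights for drain = w . features (normal equations)."""
    xs, ys = zip(*samples)
    k = len(xs[0])
    xtx = [[sum(x[i] * x[j] for x in xs) for j in range(k)] for i in range(k)]
    xty = [sum(x[i] * y for x, y in zip(xs, ys)) for i in range(k)]
    return solve(xtx, xty)

def predict(w, x):
    """Drain the user's own activity in this interval should account for."""
    return sum(wi * xi for wi, xi in zip(w, x))

def residual_limit(w, samples, k=3.0):
    """Alert limit: mean + k standard deviations of clean-data residuals."""
    res = [y - predict(w, x) for x, y in samples]
    return mean(res) + k * pstdev(res)

def is_anomalous(w, limit, x, measured):
    """True when measured drain exceeds what user activity explains."""
    return measured - predict(w, x) > limit

# Constructed hourly samples: ((call_min, sms_count, idle_min), drain_mAh)
CLEAN = [((10, 2, 50), 26.2), ((0, 5, 60), 8.3), ((5, 0, 55), 15.6),
         ((20, 1, 40), 44.4), ((3, 8, 57), 15.9), ((0, 0, 60), 5.9),
         ((15, 3, 45), 35.8), ((8, 4, 52), 23.3)]
W = fit(CLEAN)                    # per-activity cost learned from clean usage
LIMIT = residual_limit(W, CLEAN)  # how much unexplained drain is tolerated

if __name__ == "__main__":
    print(is_anomalous(W, LIMIT, (12, 2, 48), 29.8))  # ordinary busy hour
    print(is_anomalous(W, LIMIT, (0, 0, 60), 14.0))   # idle hour, heavy drain
```

The second interval is flagged because the user did nothing that the model can charge the extra drain to, which is the signal the abstract describes for hidden activity.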



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, L., Yan, G., Zhang, X., Chen, S. (2009). VirusMeter: Preventing Your Cellphone from Spies. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_13

  • DOI: https://doi.org/10.1007/978-3-642-04342-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04341-3

  • Online ISBN: 978-3-642-04342-0

  • eBook Packages: Computer Science, Computer Science (R0)