Abstract
This paper presents SmartMal—a novel service-oriented behavioral malware detection framework for vehicular and mobile devices. The highlight of SmartMal is to introduce service-oriented architecture (SOA) concepts and behavior analysis into the malware detection paradigms. The proposed framework relies on client-server architecture, the client continuously extracts various features and transfers them to the server, and the server's main task is to detect anomalies using state-of-art detection algorithms. Multiple distributed servers simultaneously analyze the feature vector using various detectors and information fusion is used to concatenate the results of detectors. We also propose a cycle-based statistical approach for mobile device anomaly detection. We accomplish this by analyzing the users' regular usage patterns. Empirical results suggest that the proposed framework and novel anomaly detection algorithm are highly effective in detecting malware on Android devices.
Highlights
Personal digital assistants (PDAs), mobile phones, and recently smartphones have evolved from simple devices into sophisticated yet compact minicomputers which can connect to a wide spectrum of networks, including the Internet and corporate intranets
In order to simulate a relatively large scale experimental platform, we combine the message from 3 smartphones every 5 minutes into a 10length chain with a 30-dimensional NET SEND vector; it is normalized into the probability distribution for TCP SYN behaviors
This paper proposed a service-oriented malware detection framework “SmartMal,” which is the first work to combine service-oriented architecture (SOA) concepts with state-of-the-art behavior-based malware detection methodologies
Summary
Personal digital assistants (PDAs), mobile phones, and recently smartphones have evolved from simple devices into sophisticated yet compact minicomputers which can connect to a wide spectrum of networks, including the Internet and corporate intranets. Programmable, networked devices, smartphones are susceptible to various malware threats such as viruses, Trojan horses, and worms, all of which are well known from desktop platforms These devices enable users to access and browse the Internet, receive and send emails, and short message service (SMS), connect to other devices for exchanging/synchronizing information, and install various applications, which make these devices ideal attack targets [1]. The user behavior analyses, such as CPU/memory utilization, battery endurance, and network traffic flow, are located on central or distributed servers. This improves the load balancing status for global optimization.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
