Lightweight Agent Based Malware Detection

As message-based mobile malware attracts growing attention, it is critical to capture malware signatures on day zero, before any signature exists, and to infer the malware's propagation state. In this project, we propose deploying lightweight agents on mobile devices to detect, analyze and predict message-based malware propagation.

The method enables malware signature capture shortly after the malware outbreak. By analyzing the messages observed by the agents, we build a customized Susceptible-Infectious-Recovered (SIR) model that captures the dynamics of the malware propagation and predicts its future spreading trend. One distinctive feature of our method is that it is generic and independent of the malware's propagation scheme. Moreover, it is lightweight and suitable for wide deployment: the agents are deployed on only a small portion of mobile devices, and each selected device is equipped with a small number of agents. Simulation results so far show that, across different malware propagation schemes and types of mobile devices, our customized SIR model approximates the malware propagation state accurately. We have also prototyped the system on Android phones to demonstrate the feasibility of deploying and updating the agents.
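The fit-and-forecast loop described above, as an added worked example in Python that is not the project's code and does not reproduce its customized model: a plain discrete-time SIR model plays the role of the ground-truth outbreak over a device population, agents on a small sampled fraction of devices report the counts they see, those counts are scaled up to population estimates, and the transmission rate `beta` and recovery (cleanup) rate `gamma` are fitted by least squares from the early observation window and used to project the rest of the outbreak. All parameters (100,000 devices, 20 initially infected, `beta = 0.6`, `gamma = 0.2`, agents on 2% of devices, 12 observed rounds) are constructed for illustration. The agent sample is idealized as exactly representative (expected counts scale by the sampled fraction); real agents report noisy integer counts, and the estimate is only as good as the representativeness of where the agents are placed.

```python
"""Fit an SIR model to malware counts reported by sampled agents and forecast.

Added illustration (hypothetical): not the project's code or its customized
SIR model. Population, rates and agent fraction below are constructed.
"""
from dataclasses import dataclass


@dataclass
class SIRState:
    s: float  # susceptible devices
    i: float  # infected devices (actively sending malicious messages)
    r: float  # recovered devices (cleaned, or signature deployed)


def sir_step(state, beta, gamma, n):
    """One discrete-time SIR step (one round of messaging)."""
    new_inf = beta * state.s * state.i / n
    new_rec = gamma * state.i
    return SIRState(state.s - new_inf, state.i + new_inf - new_rec, state.r + new_rec)


def simulate(n, i0, beta, gamma, steps):
    """Ground-truth propagation over n devices with i0 initially infected."""
    states = [SIRState(n - i0, float(i0), 0.0)]
    for _ in range(steps):
        states.append(sir_step(states[-1], beta, gamma, n))
    return states


def agent_observations(states, fraction):
    """What the agents report: counts among the sampled fraction of devices.
    Idealized as exactly representative (assumption); real reports are noisy
    integer counts."""
    return [SIRState(st.s * fraction, st.i * fraction, st.r * fraction) for st in states]


def scale_up(observed, fraction):
    """Turn agent-sample counts into population-level estimates."""
    return [SIRState(o.s / fraction, o.i / fraction, o.r / fraction) for o in observed]


def fit_sir(series, n):
    """Least-squares estimates of beta and gamma from consecutive states, using
    dS_t = -beta * S_t * I_t / n  and  dR_t = gamma * I_t."""
    num_b = den_b = num_g = den_g = 0.0
    for a, b in zip(series, series[1:]):
        x = a.s * a.i / n
        num_b += -(b.s - a.s) * x
        den_b += x * x
        num_g += (b.r - a.r) * a.i
        den_g += a.i * a.i
    if den_b == 0.0 or den_g == 0.0:
        raise ValueError("no infections observed by agents; cannot fit")
    return num_b / den_b, num_g / den_g


def forecast(last, beta, gamma, n, steps):
    """Project the outbreak forward from the last estimated state."""
    out = [last]
    for _ in range(steps):
        out.append(sir_step(out[-1], beta, gamma, n))
    return out


def peak(states):
    """(round index, infected count) at the peak of the infected curve."""
    idx = max(range(len(states)), key=lambda k: states[k].i)
    return idx, states[idx].i


def run_demo(n=100_000, i0=20, beta=0.6, gamma=0.2, agent_fraction=0.02,
             total_steps=80, observed_steps=12):
    """Constructed scenario: agents watch the first `observed_steps` rounds,
    the model is fitted to those, and the rest of the outbreak is forecast."""
    truth = simulate(n, i0, beta, gamma, total_steps)
    obs = agent_observations(truth[:observed_steps + 1], agent_fraction)
    est = scale_up(obs, agent_fraction)
    beta_hat, gamma_hat = fit_sir(est, n)
    proj = est + forecast(est[-1], beta_hat, gamma_hat, n, total_steps - observed_steps)[1:]
    return {
        "beta_hat": beta_hat,
        "gamma_hat": gamma_hat,
        "observed_steps": observed_steps,
        "true_peak": peak(truth),
        "forecast_peak": peak(proj),
    }


if __name__ == "__main__":
    result = run_demo()
    print("fitted beta=%.3f gamma=%.3f" % (result["beta_hat"], result["gamma_hat"]))
    print("forecast peak at round %d with %.0f infected (true: round %d, %.0f)"
          % (*result["forecast_peak"], *result["true_peak"]))
```

Two details matter in practice. First, `fit_sir` refuses to produce rates when the agents have seen no infections at all, which is the state of the system before the first malicious message reaches any agent; a forecast made from an all-zero window is meaningless. Second, the whole pipeline rests on `scale_up`: if agents are concentrated on one handset model or one carrier region, the population estimate is biased and the projected peak moves with it, so agent placement deserves as much attention as agent count.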

For more information on this project contact us at security-research@att.com