Abstract and subjects
Due to the rapid advancement of mobile communication technology, mobile devices nowadays can support a variety of data services that were not traditionally available. With the growing popularity of mobile devices in the last few years, attacks targeting them are also surging. Existing mobile malware detection techniques, which are often borrowed from solutions to Internet malware detection, do not perform as effectively on mobile devices because of their limited computing resources.
In this paper, we propose Virus Meter, a novel and general malware detection method, to detect anomalous behaviors on mobile devices. The rationale underlying Virus Meter is the fact that mobile devices are usually battery powered and any malicious activity would inevitably consume some battery power. By monitoring power consumption on a mobile device, Virus Meter catches misbehaviors that lead to abnormal power consumption. For this purpose, Virus Meter relies on a concise user-centric power model that characterizes the power consumption of common user behaviors. In a real-time mode, Virus Meter can perform fast malware detection with trivial runtime overhead. When the battery is charging (referred to as a battery-charging mode), Virus Meter applies more sophisticated machine learning techniques to further improve the detection accuracy. To demonstrate its feasibility and effectiveness, we have implemented a Virus Meter prototype on a Nokia 5500 Sport and used it to evaluate some real cellphone malware, including FlexiSPY and Cabir. Our experimental results show that Virus Meter can effectively detect these malware activities with less than 1.5% additional power consumption in real time.