Dissertation details
Propagation, Detection and Containment of Mobile Malware.
Bose, Abhijit; Tilbury, Dawn M.
University of Michigan
Keywords: Malware Detection and Containment; Computer Science; Engineering; Computer Science & Engineering
Others  :  https://deepblue.lib.umich.edu/bitstream/handle/2027.42/60849/abose_1.pdf?sequence=1&isAllowed=y
Switzerland | English
Source: The Illinois Digital Environment for Access to Learning and Scholarship
【 Abstract 】

Today's enterprise systems and networks are frequent targets of malicious attacks, such as worms, viruses, spyware and intrusions that can disrupt, or even disable critical services. Recent trends suggest that by combining spyware as a malicious payload with worms as a delivery mechanism, malicious programs can potentially be used for industrial espionage and identity theft. The problem is compounded further by the increasing convergence of wired, wireless and cellular networks, since virus writers can now write malware that can cross over from one network segment to another, exploiting services and vulnerabilities specific to each network. This dissertation makes four primary contributions. First, it builds more accurate malware propagation models for emerging hybrid malware (i.e., malware that use multiple propagation vectors such as Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing key propagation factors such as heterogeneity of nodes, services and user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of hosts against such malicious agents in an enterprise setting. The majority of today's anti-virus solutions are reactive, i.e., these are activated only after a malicious activity has been detected at a node in the network. In contrast, proactive containment has the potential of closing the vulnerable services ahead of infection, and thereby halting the spread of the malware. Third, we study (1) the current-generation mobile viruses and worms that target SMS/MMS messaging and Bluetooth on handsets, and the corresponding exploits, and (2) their potential impact in a large SMS provider network using real-life SMS network data. Finally, we propose a new behavioral approach for detecting emerging malware targeting mobile handsets. Our approach is based on the concept of generalized behavioral patterns instead of traditional signature-based detection. The signature-based methods are not scalable for deployment in mobile devices due to limited resources available on today's typical handsets. Further, we demonstrate that the behavioral approach not only has a compact footprint, but also can detect new classes of malware that combine some features from existing classes of malware.

【 Preview 】
Attachment list
Files Size Format View
Propagation, Detection and Containment of Mobile Malware. 2001KB PDF download