Conference: International Conference on Privacy, Security, Risk and Trust

Analysis of Mobile P2P Malware Detection Framework through Cabir & Commwarrior Families


Abstract

Mobile Peer-to-Peer (P2P) malware has emerged as one of the major challenges in mobile network security in recent years. Around four hundred mobile viruses, worms, trojans and spyware, together with approximately one thousand of their variants, have been discovered to date. So far no classification of such mobile P2P security threats exists. There is no well-known simulation environment to model mobile P2P network characteristics and provide a platform for the analysis of the propagation of different types of mobile malware. Therefore, our research provides a classification of mobile malware based on the behaviour of a node during infection and develops a platform to analyse malware propagation. It proposes and evaluates a novel behaviour-based approach, using AI, for the detection of various malware families. Unlike existing approaches, our approach focuses on identifying and classifying malware families rather than detecting individual malware and their variants. Adaptive detection of currently known and previously unknown mobile malware on designated mobile nodes through a deployed detection framework aided by AI classifiers enables successful detection. Although we have classified around 30% of the existing mobile P2P malware into 13 distinct malware families based on their behaviour during infection, this paper focuses on two, Cabir & Commwarrior, in order to analyse the proposed detection framework.