Annual Computer Security Applications Conference 2011 Technical Track Papers


Automated Remote Repair for Mobile Malware


Yacin Nadji
Georgia Institute of Technology
United States

Jonathan Giffin
Georgia Institute of Technology
United States

Patrick Traynor
Georgia Institute of Technology
United States

Abstract:
Mobile application markets currently serve as the main line of defense
against malicious applications. While marketplace revocations have
successfully removed the few overtly malicious
applications installed on mobile devices, the anticipated coming flood of mobile
malware mandates the need for mechanisms that can respond faster than
manual intervention. In this paper, we propose an infrastructure that automatically
identifies and responds to malicious mobile applications based
on their network behavior. We design and implement a prototype, Airmid, that uses cooperation
between in-network sensors and smart devices to identify the provenance
of malicious traffic. We then develop sample malicious mobile applications
exceeding the capabilities of malware recently discovered in the
wild, demonstrate the ease with which they can evade current detection
techniques, and then use Airmid to show a range of automated recovery responses ranging
from on-device firewalling to application removal.

 
