research-article

SpotMal: A hybrid malware detection framework with privacy protection for BYOD

Authors:

Munyaradzi Gudo,

Keshnee PadayacheeAuthors Info & Claims

SAICSIT '15: Proceedings of the 2015 Annual Research Conference on South African Institute of Computer Scientists and Information Technologists

Article No.: 18, Pages 1 - 6

https://doi.org/10.1145/2815782.2815812

Published: 28 September 2015 Publication History

Abstract

The proliferation of mobile devices coupled with their increased computing capabilities has made them perfectly fit in the business environment. Bring Your Own Device (BYOD) is the phenomenon where individuals bring their own portable devices for connectivity and use in the workplace. BYODs introduce several benefits such as increased productivity and employee motivation but also a range of security challenges. Hackers have developed multifaceted malware targeting these BYODs. Research has been done on mobile malware detection however, because of their resource-constraint, the adoption of PC-based malware detection methods such as signature and behavior-based detection techniques has proved to be challenging. Users have cited privacy concerns when these virus detection techniques are remotely applied on the BYOD for example cloud-based detection since these devices are used for both personal and work data storage. This paper examines the threat of mobile malware to organizations that have adopted BYOD and current solutions to this threat. Additionally, a hybrid malware detection framework with privacy protection for BYOD and smart-work environments is proposed to detect malware without compromising the privacy and confidentiality of personal sensitive data.

References

[1]

S. Chung, S. Chung, T. Escrig, Y. Bai, and B. Endicott-Popovsky, "2TAC: Distributed Access Control Architecture for #x0022;Bring Your Own Device #x0022; Security," in 2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom), 2012, pp. 123--126.

Digital Library

[2]

A. Scarfo, "New Security Perspectives around BYOD," in 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012, pp. 446--451.

Digital Library

[3]

W. He, "A survey of security risks of mobile social media through blog mining and an extensive literature search," Inf. Manag. Comput. Secur., vol. 21, no. 5, pp. 381--400, 2013.

[4]

S. Zonouz, A. Houmansadr, R. Berthier, N. Borisov, and W. Sanders, "Secloud: A cloud-based comprehensive and lightweight security solution for smartphones," Comput. Secur., vol. 37, pp. 215--227, Sep. 2013.

Digital Library

[5]

V. M. Afonso, D. S. F. Filho, A. Gregio, P. L. de Geus, and M. Jino, "A hybrid framework to analyze web and OS malware," in 2012 IEEE International Conference on Communications (ICC), 2012, pp. 966--970.

[6]

H.-S. Chiang and W. Tsaur, "Identifying Smartphone Malware Using Data Mining Technology," in 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), 2011, pp. 1--6.

[7]

I. Santos, F. Brezo, X. Ugarte-Pedrero, and P. G. Bringas, "Opcode sequences as representation of executables for data-mining-based unknown malware detection," Inf. Sci., vol. 231, pp. 64--82, May 2013.

Digital Library

[8]

L. Shi, J. Que, Z. Zhong, B. Meyer, P. Crenshaw, and Y. He, "A Scalable Implementation of Malware Detection Based on Network Connection Behaviors," in 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2013, pp. 59--66.

Digital Library

[9]

J.-Y. Xu, A. H. Sung, P. Chavez, and S. Mukkamala, "Polymorphic Malicious Executable Scanner by API Sequence Analysis," 2004, pp. 378--383.

Digital Library

[10]

A. H. Sung, J. Xu, P. Chavez, and S. Mukkamala, "Static Analyzer of Vicious Executables (SAVE)," in Proceedings of the 2004 Annual Computer Security Applications Conference (ACSAC), 2004, pp. 326--334.

Digital Library

[11]

Q. Jiang, X. Zhao, and K. Huang, "A feature selection method for malware detection," in 2011 IEEE International Conference on Information and Automation (ICIA), 2011, pp. 890--895.

[12]

J. Sahs and L. Khan, "A Machine Learning Approach to Android Malware Detection," in Intelligence and Security Informatics Conference (EISIC), 2012 European, 2012, pp. 141--147.

Digital Library

[13]

G. Suarez-Tangil, J. E. Tapiador, P. Peris-Lopez, and A. Ribagorda, "Evolution, Detection and Analysis of Malware for Smart Devices," IEEE Commun. Surv. Tutor., vol. 16, no. 2, pp. 961--987, Second 2014.

[14]

Government Accountability Office (GAO), "Information security: Better implementation of controls for mobile devices should be encouraged," Rep. USA Congr. Comm., no. GAO-12--757, 2012.

[15]

Ponemon Institute, "2012 Cost of Cyber Crime Study: United States," Ponemon Institute LLC, Cost of Data breach Report, Oct. 2012.

[16]

T. Gaffney, "Following in the footsteps of Windows: how Android malware development is looking very familiar," Netw. Secur., vol. 2013, no. 8, pp. 7--10, Aug. 2013.

[17]

Maria Karyda, Stefanos Gritzalis, Jong Hyuk Park, and Spyros Kokolakis, "Privacy and fair information practices in ubiquitous environments," Internet Res., vol. 19, no. 2, pp. 194--208, Apr. 2009.

[18]

H. Orman, "Did You Want Privacy With That?: Personal Data Protection in Mobile Devices," IEEE Internet Computing, vol. 17, no. 3, pp. 83--86, 2013.

Digital Library

[19]

P. Wang, "Survey on Privacy Preserving Data Mining," in International Journal of Digital Content Technology and its Applications, 2010, vol. 4.

Cited By

Krmelj GPančur MGrohar MCiglarič M(2018)OpenSPA - An Open and Extensible Protocol for Single Packet AuthorizationProceedings of the Central European Cybersecurity Conference 201810.1145/3277570.3277574(1-6)Online publication date: 15-Nov-2018
https://dl.acm.org/doi/10.1145/3277570.3277574

Recommendations

Mobile and ubiquitous malware
MoMM '09: Proceedings of the 7th International Conference on Advances in Mobile Computing and Multimedia

Mobile malware is an increasing threat to the world of handheld devices, which can prove to be costlier than PC viruses in the future. The current method used to combat mobile malware is virus signature matching which is based on the slow process of ...
POSTER: Preserving privacy and accountability for personal devices
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Using personal mobile devices for work gave rise to a trend called "bring your own device", or BYOD. BYOD brings a productivity boost for employees, but also headaches for employers: on the one hand, the business has a legitimate interest in monitoring ...
Mobile botnet detection: a comprehensive survey
Abstract
The number of people using mobile devices is increasing as mobile devices offer different features and services. Many mobile users install various applications on their mobile devices to use features like payment, business services, social ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SAICSIT '15: Proceedings of the 2015 Annual Research Conference on South African Institute of Computer Scientists and Information Technologists

September 2015

423 pages

ISBN:9781450336833

DOI:10.1145/2815782

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 September 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

SAICSIT '15

SAICSIT '15: The 2015 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists

September 28 - 30, 2015

Stellenbosch, South Africa

Acceptance Rates

SAICSIT '15 Paper Acceptance Rate 43 of 119 submissions, 36%;

Overall Acceptance Rate 187 of 439 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
222
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Krmelj GPančur MGrohar MCiglarič M(2018)OpenSPA - An Open and Extensible Protocol for Single Packet AuthorizationProceedings of the Central European Cybersecurity Conference 201810.1145/3277570.3277574(1-6)Online publication date: 15-Nov-2018
https://dl.acm.org/doi/10.1145/3277570.3277574

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten