Malware Detection for Mobile Devices Using Software-Defined Networking

The rapid adoption of mobile devices comes with the growing prevalence of mobile malware. Mobile malware poses serious threats to personal information and creates challenges in securing network. Traditional network services provide connectivity but do not have any direct mechanism for security protection. The emergence of Software-Defined Networking (SDN) provides a unique opportunity to achieve network security in a more efficient and flexible manner. In this paper, we analyze the behaviors of mobile malware, propose several mobile malware detection algorithms, and design and implement a malware detection system using SDN. Our system detects mobile malware by identifying suspicious network activities through real-time traffic analysis, which only requires connection establishment packets. Specifically, our detection algorithms are implemented as modules inside the OpenFlow controller, and the security rules can be imposed in real time. We have tested our system prototype using both a local testbed and GENI infrastructure. Test results confirm the feasibility of our approach. In addition, the stress testing results show that even unoptimized implementations of our algorithms do not affect the performance of the OpenFlow controller significantly.