A malware signature extraction and detection method applied to mobile networks

The rapid development of mobile phone networks has facilitated the need for better protection against malware. Malware defection is a core component of a security system protecting mobile networks. In this paper, we describe a system for detecting malware within the network traffic using malware signatures. Our system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, we reduce the number of signatures by using a common signature for a malware and its variants. In addition, we minimize the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses show that our system detects existing malware and their new variants within the network traffic efficiently.