Behavioral malware detection in delay tolerant networks
2 likes440 views
The document discusses behavioral malware detection in delay-tolerant networks (DTNs), introducing a naive Bayesian model to characterize proximity malware and addressing challenges in evidence collection and filtering. It proposes methods like look-ahead, dogmatic filtering, and adaptive look-ahead to enhance malware detection effectiveness in DTNs. Additionally, it presents a novel inter-region routing proposal and outlines system configurations for both hardware and software needed to support the proposed methods.
Behavioral malware detection in delay tolerant networks
- 1. BEHAVIORAL MALWARE DETECTION IN DELAY TOLERANT NETWORKS Abstract: The delay-tolerant-network (DTN) model is becoming a viable communication alternative to the traditional infrastructural model for modern mobile consumer electronics equipped with short-range communication technologies such as Bluetooth, NFC, and Wi-Fi Direct. Proximity malware is a class of malware that exploits the opportunistic contacts and distributed nature of DTNs for propagation. Behavioral characterization of malware is an effective alternative to pattern matching in detecting malware, especially when dealing with polymorphic or obfuscated malware. In this paper, we first propose a general behavioral characterization of proximity malware which based on Naive Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spams and detecting botnets. We identify two unique challenges for extending Bayesian malware detection to DTNs (“in sufficient evidence vs. evidence collection risk” and “filtering false evidence sequentially and distributedly”), and propose a simple yet effective method, look-ahead, to address the challenges. Furthermore, we propose two extensions to look-ahead, dogmatic filtering and adaptive look- ahead, to address the challenge of “malicious nodes sharing false evidence”. Real mobile network traces are used to verify the effectiveness of the proposed methods. EXISTING SYSTEM Almost all the existing work on routing in delay tolerant networks has focused on the problem of delivery of messages inside a single region, characterized by the same network infrastructure and namespace. However, many deployment scenarios, especially in developing regions, will probably involve routing among different regions composed of several heterogeneous types of network domains such as satellite networks and ad hoc networks composed of short- range radio enabled devices, like mobile phones with Bluetooth interface
- 2. PROPOSED SYSTEM We introduce a proposal for inter-region routing based on both probabilistic and deterministic forwarding mechanisms, embedded in an architectural frame- work able to support it. We also compare our solution to existing approaches in delay tolerant networking, discussing the main requirements and possible solutions, and outlining the open research problems. MODULE DESCRIPTION: 1. Store and forward message switching 2. Delay-tolerant networking 3. Gateway 4. Routing Store and forward message switching Hold data until it has a scheduled transfer in network storage. Suppose not view the message means delivery status is not received otherwise receives status. Delay-tolerant networking A Delay-Tolerant Network (DTN) is a general-purpose overlay network that operates on top of varying regional networks, including the Internet. DTNs allow regional networks with varying delay characteristics to interoperate by providing mechanisms to translate between their respective network parameters. Therefore, the underlying protocols and technologies for these regional networks may differ considerably, but the flexibility of the DTN architecture allows them to be connected to each other. Gateway Gateway is designed to forward bundles between two or more DTN region networks and may optionally act as a host. The bundle overlay of gateways must have persistent storage and allow custody transfers. Gateways link together networks that operate on different lower-layer protocols.
- 3. Router Router works within a single DTN region and is responsible for forwarding bundles.Such user requires persistent storage to queue and keep bundles until outbound. System Configuration:- H/W System Configuration:- Processor - Pentium –III Speed - 1.1 Ghz RAM - 256 MB(min) Hard Disk - 20 GB Floppy Drive - 1.44 MB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - SVGA S/W System Configuration:- Operating System :Windows95/98/2000/XP Application Server : Tomcat5.0/6.X Front End : HTML, Java, Jsp Scripts : JavaScript. Server side Script : Java Server Pages. Database : Mysql Database Connectivity : JDBC.