Advanced SearchSearch Tips
MWMon: A Software Defined Network-based Malware Monitor
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
MWMon: A Software Defined Network-based Malware Monitor
Jo, Min Jae; Shin, Ji Sun;
  PDF(new window)
An antivirus is a widely used solution for detecting malicious softwares in client devices. The performance of antivirus solutions in the mobile client environment is critical due to its resource constrains. Many solutions light-weighting client`s overhead in the mobile client environment have been developed. However, most solutions require platform modifications or software installations and it decreases their realizations in practice. In this paper, we propose a solution detecting malwares on networks using the Software Defined Network (SDN). Our main goal is designing a solution detecting malwares of mobile client without involving the client into the work. We contribute to provide a solution that does not require client-side installations or modifications and so is easily applicable in practice.
Software defined network;mobile security;
 Cited by
McAfee Report,

SDN wiki,

N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J. Turner, "OpenFlow: Enabling Innovation in Campus Networks," SIGCOMM Comput. Commun. Rev., Vol. 38, No. 2, pp.69-74, March 2008.

S. Shin, G. Gu, "CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)," in 20th IEEE International Conference on Network Protocols (ICNP). IEEE, pp.1-6, 2012.

Bates A, Butler K, Haeberlen A, Sherr M, Zhou W, "Let SDN be your eyes: Secure forensics in data center networks," Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT'14). 2014.

AY Ding, J Crowcroft, S Tarkoma, H Flinck, "Software defined networking for security enhancement in wireless mobile networks," Vol. 66, pp.94-101, 2014 crossref(new window)

L. von Ahn, M. Blum, N.J. Hopper, J. Langford, "CAPTCHA: Using Hard AI Problems for Security," Lecture Notes in Computer Science 2656, pp.294-311, 2003

S. Lim, J. Ha, H. Kim, Y. Kim, S. Yang, "A SDN-oriented DDoS blocking scheme for botnet-based attacks." Ubiquitous and Future Networks (ICUFN), 2014 Sixth International Conf on. IEEE, pp.63-68, 2014.

Abaid, Zainab, Mohsen Rezvani, Sanjay Jha. "MalwareMonitor: An SDN-based Framework for Securing Large Networks," Proceedings of the 2014 CoNEXT on Student Workshop. ACM, pp.40-42, 2014.

R. Skowyra, S. Bahargam, A. Bestavros, "SoftwareDefined IDS for Securing Embedded Mobile Devices," 2013. [Online]. Available:

R. Jin, B. Wang, "Malware detection for mobile devices using software-defined networking," in Research and Educational Experiment Workshop (GREE), 2013 Second GENI. IEEE, pp.81-88, 2013.

J. H. Jafarian, E. Al-Shaer,Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the first workshop on Hot topics in software defined networks. ACM, pp.127-132, 2012.

K. Yap, Y. Yiakoumis, M. Kobayashi, S. Katti, G. Parulkar, N. McKeown, "Separating authentication, access and accounting: A case study with OpenWiFi," Open Networking Foundation, Tech. Rep., 2011.

Lara, Adrian, Byrav Ramamurthy. "OpenSec: A framework for implementing security policies using OpenFlow." Global Communications Conference (GLOBECOM), pp.781-786 2014.

Oberheide, Jon, Evan Cooke, Farnam Jahanian. "CloudAV: NVersion Antivirus in the Network Cloud." USENIX Security Symposium, pp.91-106, 2008

Cha, Sang Kil, et al. "SplitScreen: Enabling efficient, distributed malware detection." Communications and Networks, Vol 13, No. 2, pp.187-200, 2011 crossref(new window)

Jarabek, Chris, David Barrera, John Aycock. "Thinav: Truly lightweight mobile cloudbased anti-malware," Proceedings of the 28th Annual Computer Security Applications Conference. ACM, pp.209-218, 2012.




E. Chin, A.P. Felt, K. Greenwood, D. Wagner, "Analyzing inter-app lication communication in Android," In Proceedings of the 9th international conference on Mobile systems, applications, and services, ACM, pp. 239-252 ,2011

Min Jae Jo, "Performance Enhancement of malware detection in the lightweight client environment", MA thesis, Sejong University, 2015


Wu. D. J, Mao. C. H, Wei. T. E, Lee. H. M and Wu. K. P, "Droidmat: Android malware detection through manifest and api calls tracing." Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, pp. 62-69, 2012.

V. Van der Veen, "Dynamic Analysis of Android Malware," Master Thesis, VU University Amsterdam, Aug. 2013. [Online]. Available:

Min Jae Jo and Ji Sun Shin, "A Performance Enhancement Scheme for Signature-based Anti-Viruses," Journal of the Korea Industrial Information System Society, Vol. 20, No. 2, pp. 65-72, 2015. crossref(new window)

S. Scott-Hayward, G. O'Callaghan, S. Sezer, "SDN Security: A Survey," IEEE SDN for Future Networks and Services, s pp.1-7, November 2013.

Eun Jun Yoon, Hyun Sung Kim and Ki Dong Bu, "An Intrusion Detection System Using Pattern Classification", Proceedings of the Korea Society for Industrial Systems Conference, 2002.

Hyun Chul Cha, "A Solution for Timing Gap Problems on Network Intrusion Detection Systems", Journal of the Korea Industrial Information System Society, Vol. 7, No.1, pp. 1-6, 2001.

Jae Min Son, Hyun Sung Kim and Ki Dong Bu, "A Scheme for Protecting Security Rules in Intrusion Detection System", Journal of the Korea Industrial Information System Society, Vol. 8, No.4, pp. 8-16, 2003.