Mobile Malware
Mobile malware is growing fast on networks. In the following example we attach the engine to a GN interface and take advantage of the functionality the engine provides. Let's see how this works in Java:
Define a callback class for the detection. If the user wants to do more when malware is detected, it is just a matter of putting more intelligence in the callback, such as integrating with a firewall, log systems and so on.

    // Invoked by the engine for every flow whose DNS query matches a registered domain.
    class ExternalCallbackDomain extends JaiCallback {
        public void call(Flow flow) {
            DNSInfo d = flow.getDNSInfo();
            System.out.println("Malware on IP " + flow.getIPSource() + " on domain " + d.getDomainName());
        }
    }

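We use an external list of malware domains and add each entry to a DomainNameManager object.

    import java.io.BufferedReader;
    import java.io.FileReader;
    import java.io.IOException;

    // Reads one domain per line from baddomains.txt and registers it with the callback.
    public static void loadBadDomains(DomainNameManager dm, ExternalCallbackDomain ecd) throws IOException {
        // try-with-resources closes the reader even if a read fails
        try (BufferedReader reader = new BufferedReader(new FileReader("baddomains.txt"))) {
            String line;
            while ((line = reader.readLine()) != null) {
                DomainName d = new DomainName("Domain " + line, line);
                d.setCallback(ecd);
                dm.addDomainName(d);
            }
        }
    }
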
Create a new StackMobile object and the corresponding PacketDispatcher.

    StackMobile s = new StackMobile();
    PacketDispatcher pd = new PacketDispatcher();
    pd.setStack(s);

Allocate the maximum number of flows on the UDP stack.

    s.setTotalUDPFlows(500000);

Load the malware domains into a DomainNameManager and assign it to the DNSProtocol of the stack.

    DomainNameManager dm = new DomainNameManager();
    ExternalCallbackDomain ecd = new ExternalCallbackDomain();
    loadBadDomains(dm, ecd);
    s.setDomainNameManager(dm, "DNSProtocol");

Open the network device and run the engine.

    pd.open("ens7");
    try {
        pd.run();
    } catch (Exception e) {
        System.out.println(e.getMessage());
    }
    pd.close();
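
The baddomains.txt step above passes every line of the file straight to DomainName, so comments, blank lines or hosts-file style entries in a third-party feed end up as match rules. The following is an added example, not part of the aiengine project: a plain-Java cleaner whose output can be fed to loadBadDomains-style code. The class name BadDomainList, the accepted file layouts ('#' comments, "0.0.0.0 domain" lines) and the sample lines are assumptions.

```java
import java.net.IDN;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: cleans a raw blocklist before its entries become DomainName rules.
public class BadDomainList {
    // One DNS label: 1-63 chars of letters, digits, hyphen; no leading or trailing hyphen.
    private static final String LABEL = "[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?";

    // Returns the normalized domain, or null when the line must be skipped.
    static String normalize(String line) {
        int hash = line.indexOf('#');
        if (hash >= 0) line = line.substring(0, hash);        // strip comments
        String[] cols = line.trim().split("\\s+");
        if (cols[0].isEmpty()) return null;                   // blank or comment-only line
        // Assumed layout: the domain is the last column ("0.0.0.0 bad.example").
        String host = cols[cols.length - 1].toLowerCase(Locale.ROOT);
        if (host.endsWith(".")) host = host.substring(0, host.length() - 1);
        try {
            host = IDN.toASCII(host);                         // IDN to punycode, as seen in DNS queries
        } catch (IllegalArgumentException e) {
            return null;
        }
        if (host.length() > 253 || !host.contains(".")) return null;
        if (host.matches(".*\\.[0-9]+")) return null;         // bare IPv4 address, not a domain
        for (String label : host.split("\\.", -1)) {
            if (!label.matches(LABEL)) return null;           // empty or malformed label
        }
        return host;
    }

    // Keeps file order and drops duplicates, so each domain is registered once.
    static Set<String> clean(List<String> lines) {
        Set<String> out = new LinkedHashSet<>();
        for (String l : lines) {
            String d = normalize(l);
            if (d != null) out.add(d);
        }
        return out;
    }

    public static void main(String[] args) {
        List<String> sample = List.of(                        // constructed sample lines
            "# feed header", "Bad.Example.", "0.0.0.0 c2.example.net",
            "bad.example", "", "not a domain!", "0.0.0.0", "bücher.example");
        System.out.println(clean(sample));
    }
}
```

Logging the number of lines read against the number of domains kept makes a truncated or malformed feed visible before the engine starts with a near-empty blocklist.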