
Mobile Malware

Mobile malware is growing fast on operator networks. In the following example we attach the engine to a GN interface and use the functionality the engine provides to detect infected devices from their DNS queries. Let's see how it works in Java:

Define a callback class for the detection. If the user wants to do more when malware is detected, it is just a matter of putting more logic into the callback, such as integrating with a firewall, logging systems and so on.

class ExternalCallbackDomain extends JaiCallback
{
    public void call(Flow flow)
    {
        DNSInfo d = flow.getDNSInfo();
        System.out.println("Malware on IP " + flow.getIPSource() + " on domain " + d.getDomainName());
    }
}

We use an external list of malware domains and add them to a DomainNameManager class:

// Requires java.io.BufferedReader, java.io.FileReader and java.io.IOException
public void loadBadDomains(DomainNameManager dm, ExternalCallbackDomain ecd) throws IOException
{
    BufferedReader reader = new BufferedReader(new FileReader("baddomains.txt"));
    String line;
    while ((line = reader.readLine()) != null)
    {
        // One DomainName per line: a label for the entry and the domain expression to match
        DomainName d = new DomainName("Domain " + line, line);
        d.setCallback(ecd);

        dm.addDomainName(d);
    }
    reader.close();
}

Create a new StackMobile object and the corresponding PacketDispatcher.

StackMobile s = new StackMobile();
PacketDispatcher pd = new PacketDispatcher();
pd.setStack(s);

Allocate the maximum number of flows on the UDP stack.

s.setTotalUDPFlows(500000);

Load the malware domains on the DNSProtocol and assign them to the stack:

DomainNameManager dm = new DomainNameManager();
ExternalCallbackDomain ecd = new ExternalCallbackDomain();

loadBadDomains(dm,ecd);

s.setDomainNameManager(dm,"DNSProtocol");

Open the network device and run the engine:

pd.open("ens7");
try
{
    pd.run();
}
catch (Exception e)
{
    System.out.println(e.getMessage());
}
pd.close();
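As an added example (not code from the aiengine wiki), the two pieces above hardened the way a practitioner would deploy them: the callback tolerates flows without DNS data, counts hits per source IP so a repeatedly infected subscriber can be escalated, and neutralises control characters before logging; the loader skips comments and blank lines, normalises case and trailing dots, and deduplicates entries. Only the aiengine calls already used on this page are assumed; the list format (one domain per line, '#' comments) is an assumption.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Added example built on the aiengine Java calls shown above (JaiCallback, Flow,
// DNSInfo, DomainName, DomainNameManager); the domain list format is assumed.
public class MobileMalwareMonitor
{
    static class CountingCallback extends JaiCallback
    {
        // Hits per source IP, so repeated lookups from one subscriber can be escalated
        private final ConcurrentHashMap<String, AtomicInteger> hits = new ConcurrentHashMap<>();
        public void call(Flow flow)
        {
            DNSInfo d = flow.getDNSInfo();
            if (d == null) return;                       // flow carries no DNS data
            String src = flow.getIPSource();
            int n = hits.computeIfAbsent(src, k -> new AtomicInteger()).incrementAndGet();
            // Replace control characters so a crafted domain cannot forge log lines
            String domain = d.getDomainName().replaceAll("[\\p{Cntrl}]", "?");
            System.out.println("Malware on IP " + src + " on domain " + domain + " (hit " + n + ")");
        }
    }

    // Loads the list, returns the number of distinct domains registered
    static int loadBadDomains(DomainNameManager dm, JaiCallback cb, String path) throws IOException
    {
        Set<String> seen = new HashSet<>();
        try (BufferedReader reader = new BufferedReader(new FileReader(path)))
        {
            String line;
            while ((line = reader.readLine()) != null)
            {
                String dom = line.trim().toLowerCase();
                if (dom.isEmpty() || dom.startsWith("#")) continue;            // blank or comment
                if (dom.endsWith(".")) dom = dom.substring(0, dom.length() - 1); // trailing root dot
                if (!seen.add(dom)) continue;                                    // duplicate entry
                DomainName d = new DomainName("Domain " + dom, dom);
                d.setCallback(cb);
                dm.addDomainName(d);
            }
        }
        return seen.size();
    }
}
```

Use `loadBadDomains(dm, new CountingCallback(), "baddomains.txt")` in place of the loader call in the steps above; the rest of the setup (StackMobile, PacketDispatcher, setDomainNameManager, open/run/close) is unchanged.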
