The document discusses behavioral malware detection in delay tolerant networks. It proposes using a Naive Bayesian model to characterize proximity malware based on behavior. It identifies two challenges for applying Bayesian detection in DTNs: insufficient evidence collection risk and filtering false evidence sequentially and distributedly. It proposes a method called "look-ahead" to address these challenges, as well as two extensions - dogmatic filtering and adaptive look-ahead - to address malicious nodes sharing false evidence. Real mobile network traces are used to evaluate the effectiveness of the proposed methods.