Towards a Hybrid Intrusion Detection System for Android-based PPDR terminals

Mobile devices are used for communication and for sensitive tasks, and they are subject to tampering: attacks can be carried out on a user's device without the user being aware of them. This is an additional risk in mission-critical scenarios such as Public Protection and Disaster Relief (PPDR). Intrusion Detection Systems (IDS) matter wherever preventing information leakage is crucial, since they can detect attacks against information assets (e.g., the installation of malware) that may also compromise the security of PPDR personnel. HyIDS is a hybrid IDS for Android that supports the stringent security requirements of PPDR: on-device agents continuously monitor the mobile device and periodically transmit the collected data to an analysis framework at the Command Control Center (CCC). The collected data consists of per-application resource-usage metrics such as CPU and memory usage and incoming and outgoing network traffic. At the CCC, HyIDS applies machine learning techniques to the collected application data to identify patterns consistent with malware signatures. The evaluation of HyIDS shows that the proposed solution has a low impact on the mobile device in terms of battery consumption and CPU and memory usage.
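The agent/CCC split described above, as an added example that is not the authors' HyIDS code: the device-side agent emits per-application resource metrics as newline-delimited JSON, and the CCC side builds a per-application baseline from a "known good" window and scores new reports against it. A simple statistical baseline (root-mean-square z-score over the reported features) stands in for the paper's machine-learning models; the report format, feature names, threshold, sigma floor and all sample data below are assumptions constructed for this example.

```python
"""Per-application resource-usage anomaly scoring (illustrative, not HyIDS code).

Agent side: one JSON record per application per interval.
CCC side:   baseline = per-app mean/stddev per feature; alert on deviation
            or on an application that has no baseline at all (new install).
"""
import json
import math
from collections import defaultdict
from statistics import mean, pstdev

# Metrics reported by the agent each interval. Field names are an assumption.
FEATURES = ("cpu_pct", "rss_mb", "rx_kb", "tx_kb")

# Constructed "normal" training window. One malformed line is included on
# purpose so the collector's parsing is exercised.
AGENT_STREAM = """
{"app": "com.example.mail", "cpu_pct": 2, "rss_mb": 80, "rx_kb": 10, "tx_kb": 2}
{"app": "com.example.mail", "cpu_pct": 3, "rss_mb": 82, "rx_kb": 12, "tx_kb": 3}
{"app": "com.example.mail", "cpu_pct": 4, "rss_mb": 78, "rx_kb": 8,  "tx_kb": 1}
not-json at all
{"app": "com.example.mail", "cpu_pct": 3, "rss_mb": 80, "rx_kb": 10, "tx_kb": 2}
{"app": "com.example.mail", "cpu_pct": 3, "rss_mb": 80, "rx_kb": 10, "tx_kb": 2}
"""

# Constructed reports arriving after the baseline was built: one normal
# sample, one with a CPU and upload burst, one from an app never seen before.
NEW_REPORTS = """
{"app": "com.example.mail", "cpu_pct": 3, "rss_mb": 81, "rx_kb": 11, "tx_kb": 2}
{"app": "com.example.mail", "cpu_pct": 40, "rss_mb": 80, "rx_kb": 10, "tx_kb": 900}
{"app": "com.unknown.dropper", "cpu_pct": 1, "rss_mb": 20, "rx_kb": 0, "tx_kb": 0}
"""


def parse_reports(text):
    """Parse newline-delimited JSON agent reports; skip malformed lines
    instead of letting one bad record take the collector down."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            reports.append({"app": str(rec["app"]),
                            **{f: float(rec[f]) for f in FEATURES}})
        except (ValueError, KeyError, TypeError):
            continue
    return reports


def build_baseline(reports):
    """Per-app (mean, population stddev) for every feature: the normal profile."""
    by_app = defaultdict(list)
    for r in reports:
        by_app[r["app"]].append(r)
    baseline = {}
    for app, recs in by_app.items():
        baseline[app] = {}
        for f in FEATURES:
            vals = [r[f] for r in recs]
            baseline[app][f] = (mean(vals), pstdev(vals))
    return baseline


def score(report, baseline, sigma_floor=0.5):
    """RMS z-score of one report against its app's profile, or None if the
    app has no profile. sigma_floor keeps a near-constant feature from turning
    measurement noise into a huge z-score (assumed value)."""
    prof = baseline.get(report["app"])
    if prof is None:
        return None
    z2 = 0.0
    for f in FEATURES:
        mu, sigma = prof[f]
        z2 += ((report[f] - mu) / max(sigma, sigma_floor)) ** 2
    return math.sqrt(z2 / len(FEATURES))


def detect(reports, baseline, threshold=3.0):
    """Return alerts: a deviation above threshold, or an app with no baseline.
    An unprofiled app is reported separately because a new installation is
    itself a relevant event on a managed PPDR terminal."""
    alerts = []
    for r in reports:
        s = score(r, baseline)
        if s is None:
            alerts.append({"app": r["app"], "reason": "unknown-app", "score": None})
        elif s > threshold:
            alerts.append({"app": r["app"], "reason": "deviation", "score": round(s, 2)})
    return alerts


if __name__ == "__main__":
    profile = build_baseline(parse_reports(AGENT_STREAM))
    for alert in detect(parse_reports(NEW_REPORTS), profile):
        print(alert)
```

The baseline must be built from a window the operator trusts (for instance, right after provisioning the terminal), otherwise malware already present is learned as normal; in a real deployment the threshold would also be tuned per feature rather than shared across all four.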
