Efficient Anomaly Detection System for Mobile Handsets

A new anomaly detection system for mobile handsets has been proposed. In this system, software behavior that deviates from a model representing normal behavior is considered to be an anomaly. It is generally impossible for the model to cover software behavior exhaustively, which could adversely affect accuracy. To resolve this problem, the proposed system assesses the anomalousness of behavior not covered by the model. Moreover, the system needs to have a low overhead in order to be used in mobile handsets, which have fewer computational resources than a PC. The proposed system adopts an efficient feature for behavior assessment to achieve high accuracy with a low overhead. The system is implemented on the ARM architecture, which is widely used in mobile handsets. Experimental results show that the performance overhead is reasonable and that anomalous behavior can be detected accurately.
