An Autonomous Host-Based Intrusion Detection System for Android Mobile Devices

An Intrusion Detection System (IDS) is crucial to protect smartphones from imminent security breaches and ensure user privacy. Android is the most popular mobile Operating System (OS), holding above 85% of the market share. The traffic generated by smartphones is expected to exceed that generated by personal computers by 2021. Consequently, this prevalent mobile OS will remain one of the most attractive targets for potential attacks on fifth generation mobile networks (5G). Although Android malware detection has received considerable attention, the solutions offered mostly rely either on performing resource-intensive analysis on a server, assuming a continuous connection between the device and the server, or on employing supervised Machine Learning (ML) algorithms for profiling the malware’s behaviour, which essentially require a training dataset consisting of thousands of examples from both benign and malicious profiles. However, in practice, collecting malicious examples is tedious, since it entails infecting the device and collecting thousands of samples in order to characterise the malware’s behaviour, and the labelling has to be done manually. In this paper, we propose a novel Host-based IDS (HIDS) incorporating statistical and semi-supervised ML algorithms. The advantage of our proposed IDS is twofold. First, it is wholly autonomous and runs on the mobile device, without needing any connection to a server. Second, it requires only benign examples for tuning, with potentially a few malicious ones. The evaluation results show that the proposed IDS achieves a very promising accuracy of above 0.9983, reaching up to 1.
