HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

Previous research efforts on developing an Intrusion Detection and Prevention System (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. This approach has two major limitations. First, it requires a continuous connection between the monitored devices and the server, which may be infeasible due to mobile network outages or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of users' privacy. To alleviate these problems, in this paper we develop a novel Host-based IDPS for Android (HIDROID), which runs entirely on the mobile device with a minimal computational burden. It collects data at run time by periodically sampling features that reflect the utilization of scarce resources on the device (e.g. CPU, memory, battery, bandwidth). The detection engine uses statistical and machine learning algorithms to build a data-driven model of benign behavior. Any observation that fails to match this model triggers an alert, and the preventive agent takes appropriate countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it practical for day-to-day use. Experimental results on a real-life device show that HIDROID is able to learn and discriminate normal from malicious behavior, with a promising accuracy of up to 0.9 while keeping the false positive rate at 0.03.
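To make the benign-only detection idea concrete, the following is an added Python example (not HIDROID's own code): a one-class detector fitted on benign resource-usage samples alone, which raises an alert when any feature deviates more than k standard deviations from the learned profile, names the offending feature for the preventive agent, and reports accuracy and false positive rate on a constructed labeled test set. Feature names, the threshold k, and all sample values are assumptions.

```python
import statistics
from typing import Dict, List, Tuple

# Resource-utilization features sampled periodically on the device (assumed names).
FEATURES = ("cpu_pct", "mem_mb", "batt_drain", "net_kbps")

def fit_benign_model(benign: List[Dict[str, float]]) -> Dict[str, Tuple[float, float]]:
    """Learn per-feature (mean, std-dev) from benign observations only."""
    model = {}
    for f in FEATURES:
        vals = [s[f] for s in benign]
        model[f] = (statistics.mean(vals), statistics.pstdev(vals) or 1e-9)
    return model

def feature_scores(model, obs) -> Dict[str, float]:
    """Absolute z-score of every feature under the benign model."""
    return {f: abs(obs[f] - model[f][0]) / model[f][1] for f in FEATURES}

def is_anomalous(model, obs, k: float = 3.0) -> bool:
    """Alert when any single feature lies more than k std-devs from benign."""
    return max(feature_scores(model, obs).values()) > k

def offending_feature(model, obs) -> str:
    """Feature with the largest deviation, so the preventive agent can target it
    (e.g. throttle network traffic when net_kbps is the outlier)."""
    scores = feature_scores(model, obs)
    return max(scores, key=scores.get)

def evaluate(model, labeled, k: float = 3.0) -> Tuple[float, float]:
    """Return (accuracy, false-positive rate) over (observation, is_malicious) pairs."""
    tp = fp = tn = fn = 0
    for obs, malicious in labeled:
        flagged = is_anomalous(model, obs, k)
        tp += flagged and malicious; fp += flagged and not malicious
        fn += (not flagged) and malicious; tn += (not flagged) and not malicious
    return (tp + tn) / len(labeled), fp / (fp + tn)

# Constructed benign training data: 30 periodic samples of normal usage.
BENIGN_TRAIN = [dict(cpu_pct=10 + i % 5, mem_mb=200 + 2 * (i % 4),
                     batt_drain=3.0 + 0.1 * (i % 3), net_kbps=50 + 5 * (i % 6))
                for i in range(30)]

# Constructed labeled test set: (observation, is_malicious).
LABELED_TEST = [
    (dict(cpu_pct=12, mem_mb=202, batt_drain=3.1, net_kbps=60), False),
    (dict(cpu_pct=14, mem_mb=206, batt_drain=3.2, net_kbps=75), False),
    (dict(cpu_pct=11, mem_mb=200, batt_drain=3.0, net_kbps=55), False),
    (dict(cpu_pct=17, mem_mb=203, batt_drain=3.1, net_kbps=60), False),  # legitimate CPU burst: false positive
    (dict(cpu_pct=45, mem_mb=220, batt_drain=8.0, net_kbps=400), True),   # heavy background load
    (dict(cpu_pct=12, mem_mb=202, batt_drain=3.1, net_kbps=300), True),   # unexpected upload burst
    (dict(cpu_pct=12, mem_mb=240, batt_drain=3.1, net_kbps=60), True),    # memory-hungry payload
    (dict(cpu_pct=13, mem_mb=203, batt_drain=3.3, net_kbps=70), True),    # stays within 3 sigma: missed
]
```

Raising or lowering k trades the missed stealthy sample against the false alert on the legitimate burst, which is the same accuracy/false-positive trade-off the paper reports.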
