HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

Jose Ribeiro, Firooz B. Saghezchi, Georgios Mantas, Jonathan Rodriguez, Raed A. Abd-Alhameed

    Allbwn ymchwil: Cyfraniad at gyfnodolynErthygladolygiad gan gymheiriaid

    27 Wedi eu Llwytho i Lawr (Pure)

    Crynodeb

    Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03.
    Iaith wreiddiolSaesneg
    Rhif yr erthygl8970345
    Tudalennau (o-i)23154-23168
    Nifer y tudalennau15
    CyfnodolynIEEE Access
    Cyfrol8
    Dynodwyr Gwrthrych Digidol (DOIs)
    StatwsCyhoeddwyd - 27 Ion 2020

    Ôl bys

    Gweld gwybodaeth am bynciau ymchwil 'HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android'. Gyda’i gilydd, maen nhw’n ffurfio ôl bys unigryw.

    Dyfynnu hyn