HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

Jose Ribeiro, Firooz B. Saghezchi, Georgios Mantas, Jonathan Rodriguez, Raed A. Abd-Alhameed

Allbwn ymchwil: Cyfraniad at gyfnodolynErthygladolygiad gan gymheiriaid

59 Wedi eu Llwytho i Lawr (Pure)


Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03.
Iaith wreiddiolSaesneg
Rhif yr erthygl8970345
Tudalennau (o-i)23154-23168
Nifer y tudalennau15
CyfnodolynIEEE Access
Dynodwyr Gwrthrych Digidol (DOIs)
StatwsCyhoeddwyd - 27 Ion 2020

Ôl bys

Gweld gwybodaeth am bynciau ymchwil 'HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android'. Gyda’i gilydd, maen nhw’n ffurfio ôl bys unigryw.

Dyfynnu hyn