TY - JOUR
T1 - HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android
AU - Ribeiro, Jose
AU - Saghezchi, Firooz B.
AU - Mantas, Georgios
AU - Rodriguez, Jonathan
AU - Abd-Alhameed, Raed A.
N1 - Funding Information:
This work was supported in part by the European Regional Development Fund (FEDER), through the Competitiveness and Internationalization Operational Programme (COMPETE 2020), in part by the Regional Operational Program of the Algarve (2020), and in part by the Fundação para a Ciência e Tecnologia; i-Five.: Extensão do acesso de espectro dinâmico para rádio 5G, under Grant POCI-01-0145-FEDER-030500. The work of José Ribeiro was supported by the Fundação para a Ciência e Tecnologia (FCT-Portugal) under Grant SFRH/BD/112755/2015.
Publisher Copyright:
© 2013 IEEE.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2020/1/27
Y1 - 2020/1/27
N2 - Previous research efforts on developing Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible due to mobile network outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of the user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data at run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g., CPU, memory, battery, bandwidth). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining a false positive rate of 0.03.
AB - Previous research efforts on developing Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible due to mobile network outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of the user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data at run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g., CPU, memory, battery, bandwidth). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining a false positive rate of 0.03.
KW - Android
KW - anomaly detection
KW - behavior analysis
KW - intrusion detection and prevention system (IDPS)
KW - machine learning
KW - malware detection
KW - prototype development
KW - security and privacy
U2 - 10.1109/ACCESS.2020.2969626
DO - 10.1109/ACCESS.2020.2969626
M3 - Article
SN - 2169-3536
VL - 8
SP - 23154
EP - 23168
JO - IEEE Access
JF - IEEE Access
M1 - 8970345
ER -