Towards a Hybrid Intrusion Detection System for Android-based PPDR terminals

Borges, Pedro; Sousa, Bruno; Ferreira, Luis; Saghezchi, Firooz B.; Μαντάς, Γεώργιος; Ribeiro, José Carlos; Rodrı́guez, Jonathan; Cordeiro, Luís; Simões, Paulo

doi:10.23919/inm.2017.7987434

Cited by 11 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3) Distributed: the system is partly deployed on the mobile device and partly within the cloud. The data collection agent and some lightweight analyses are performed on the device, whereas computationally expensive analyses are carried out on a remote server computer [7], [24], [25]. There are several existing IDS solutions for Android [4], notably Andromaly [17], Aurasium [26], Crowdroid [6], Drozer [27] and Kirin [28].…”

Section: Related Workmentioning

confidence: 99%

“…Previous research efforts on designing an IDPS for Android mostly rely on rooting the device [6] or collecting data from remote devices and processing them in a command and control center within the cloud [7]- [9] However, these approaches have some severe limitations: i) they require a continuous link between a mobile device and a central IDPS server, that might not be always feasible due to the network's outage or partial coverage; and ii) they increase the risk of sensitive information leakage, which may lead to the violation of user's privacy. To mitigate these problems, in this paper, we extend our previous work in [10] and develop a prototype for a fully autonomous Host-based IDPS for Android (HIDROID).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

et al. 2020

Self Cite

View full text Add to dashboard Cite

Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-today usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03. INDEX TERMS Android, security and privacy, intrusion detection and prevention system (IDPS), anomaly detection, malware detection, behavior analysis, machine learning, prototype development.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…This type of classifier primarily a blend of the heterogeneous environment or/and classifiers as a detection mechanism in which right from the data normalization phase to the final decision phase is covered. Borges et al [37] presented a communication control module, a monitoring module, a mobile correlator module and, command and control center (C&C) components described to which the command and control center (C&C) center consists of a hybrid classifier. The monitoring module is responsible for monitoring normal and abnormal patterns for file access and usage, content observer and a broadcast receiver.…”

Section: Hybrid Classifiermentioning

confidence: 99%

Applications in Security and Evasions in Machine Learning: A Survey

2020

View full text Add to dashboard Cite

In recent years, machine learning (ML) has become an important part to yield security and privacy in various applications. ML is used to address serious issues such as real-time attack detection, data leakage vulnerability assessments and many more. ML extensively supports the demanding requirements of the current scenario of security and privacy across a range of areas such as real-time decision-making, big data processing, reduced cycle time for learning, cost-efficiency and error-free processing. Therefore, in this paper, we review the state of the art approaches where ML is applicable more effectively to fulfill current real-world requirements in security. We examine different security applications’ perspectives where ML models play an essential role and compare, with different possible dimensions, their accuracy results. By analyzing ML algorithms in security application it provides a blueprint for an interdisciplinary research area. Even with the use of current sophisticated technology and tools, attackers can evade the ML models by committing adversarial attacks. Therefore, requirements rise to assess the vulnerability in the ML models to cope up with the adversarial attacks at the time of development. Accordingly, as a supplement to this point, we also analyze the different types of adversarial attacks on the ML models. To give proper visualization of security properties, we have represented the threat model and defense strategies against adversarial attack methods. Moreover, we illustrate the adversarial attacks based on the attackers’ knowledge about the model and addressed the point of the model at which possible attacks may be committed. Finally, we also investigate different types of properties of the adversarial attacks.

show abstract

“…The application layer manages interactions with the end user, and physical layer security lacks the ability to prevent application layer attacks, such as hacking sensitive information stored in devices, like authentication keys or credit card information (Pedhadiya et al 2018). Intrusion detection system (IDS) is an alternative to detect and report malicious attacks within its detection area by providing surveillance on network traffic, system logs, running processes, application and system configuration changes, file access and modification (Borges et al 2017).…”

Section: Injecting Attackmentioning

confidence: 99%

5G device-to-device communication security and multipath routing solutions

et al. 2019

View full text Add to dashboard Cite

Through direct communication, device-to-device (D2D) technology can increase the overall throughput, enhance the coverage, and reduce the power consumption of cellular communications. Security will be of paramount importance in 5G, because 5G devices will directly affect our safety, such as by steering self-driving vehicles and controlling health care applications. 5G will be supporting millions of existing devices without adequate built-in security, as well as new devices whose extreme computing power will make them attractive targets for hackers. This paper presents a survey of the literature on security problems relating to D2D communications in mobile 5G networks. Issues include eavesdropping, jamming, primary user emulation attack, and injecting attack. Because multipath routing emerges as a strategy that can help combat many security problems, particularly eavesdropping, the paper contains an extensive discussion of the security implications of multipath routing. Finally, the paper describes results of a simulation that tests three path selection techniques inspired by the literature. The simulation reveals that routing information through interference disjoint paths most effectively inhibits eavesdropping.

show abstract

Towards a Hybrid Intrusion Detection System for Android-based PPDR terminals

Cited by 11 publications

References 9 publications

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android

Applications in Security and Evasions in Machine Learning: A Survey

5G device-to-device communication security and multipath routing solutions

Contact Info

Product

Resources

About