Maroua Ben Attia
Abdelwahab Hamou-Lhadj
ABSTRACT
As small-scale embedded systems such as Smartphones rapidly evolve, mobile malwares grow increasingly more sophisticated and dangerous. An important attack vector targeting Android Smartphone is repackaging legitimate applications to inject malicious activities, where such repackaging can be performed before or after the installation of applications on the Smartphone. To detect the behaviour deviation of applications caused by the injected malicious activities, complex anomaly detection algorithms are usually applied, however they require a system resources budget that is beyond the capacities of these small-scale devices. This paper focuses on the usability of on-device anomaly detection algorithms and proposes a detection framework for Android-based devices. The proposed solution allows using a remote server without relying entirely on it. The experimental results allow building resources consumption profiles of the studied anomaly detections algorithms and thus, provide reliable measurements that help define trade-offs between detection accuracy and resource consumption.
- M. Frazier, The BeagleBoard: $149 Linux System, 2008. Available from: http://www.linuxjournal.com/content/beagleboard-149-linux-systemGoogle Scholar
- S. Joly, TBS2910 Mini PC ARM Matrix, 2014. Available from: http://domotique-info.fr/2014/04/tbs2910-mini-pc-arm-matrix/Google Scholar
- E. Millard, "Cabir: World's First Wireless Worm", 2004. Available from: http://www.technewsworld.com/story/34542.htmlGoogle Scholar
- J. Abhishek, "Android SMS malware hosted on Google Play infects 1.2 Million users". Available from: http://www.hackleaks.in/2014/02/android-sms-malware-hosted-on-google.htmlGoogle Scholar
- Sophos, "Mobile Security Threat Report 2014". Available from: http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.pdfGoogle Scholar
- M. Zhao et al. "AntiMalDroid: an efficient SVM-based malware detection framework for Android." Information Computing and Applications. Springer Berlin Heidelberg, 2011. 158--166.Google Scholar
- Aafer, Yousra, Wenliang Du, and Heng Yin. "DroidAPIMiner: Mining API-level features for robust malware detection in android." Security and Privacy in Communication Networks. Springer International Publishing, 2013. 86--103.Google Scholar
- gumstix.com, "Overoő FE COM", 2014. Available from: https://store.gumstix.com/index.php/products/256/Google Scholar
- apc.io, "APC 8750", 2014. Available from: http://apc.io/products/8750a/Google Scholar
- Gary Ng, "The 16GB Samsung Galaxy S5 Has Less Than 8GB of Usable Storage", 2014. Available from: http://www.iphoneincanada.ca/news/galaxy-s5-8gb-usable-storage/Google Scholar
- Warrender, C., Forrest, S., & Pearlmutter, B. (1999). "Detecting intrusions using system calls: Alternative data models". In Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on (pp. 133--145). IEEE.Google Scholar
- Sultana, A., Hamou-Lhadj, A., & Couture, M. (2012, June). "An improved Hidden Markov Model for anomaly detection using frequent common patterns". In Communications (ICC), 2012 IEEE International Conference on (pp. 1113--1117). IEEE.Google Scholar
- Jain, R., & Abouzakhar, N. S. (2013). "Comparative Study of Hidden Markov Model and Support Vector Machine in Anomaly Intrusion Detection".Google Scholar
- Li, W., & Meng, Y. (2013). "Improving the performance of neural networks with random forest in detecting network intrusions". In Advances in Neural Networks --- ISNN 2013 (pp. 622--629). Springer Berlin Heidelberg. Google ScholarDigital Library
- S. Forrest, SA. Hofmeyr, and A. Somayaji. "A sense of self for Unix process". In Proceedings of the 1996 IEEE symposium on research in security and privacy, Oakland California, pp. 120--128, 1996. Google ScholarDigital Library
- N. Hubballi, S. Biswas, and S. Nandi. (2010). "Layered Higher Order N-grams for Hardening Payload Based Anomaly Intrusion Detection". Availability, Reliability, and Security, 2010. ARES '10 International Conference on, vol., no., pp. 321, 326.Google Scholar
- M. C. T. Kymie and A. M Roy. 2002. "Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (SP '02). IEEE Computer Society, Washington, DC, USA, 188-. Google ScholarDigital Library
- P. Amontamavut, Y. Nakagawa, and E. Hayakawa. "Separated Linux Process Logging Mechanism for Embedded Systems" Embedded and Real-Time Computing Systems and Applications (RTCSA), 2012 IEEE 18th International Conference on, vol., no., pp.411, 414, 19-22 Aug. 2012 Google ScholarDigital Library
- Panda labs. "Panda Security Annual Report PandaLabs 2013 Summary", 2013. Available from: http://m.itcafe.hu/dl/cnt/2014-03/107032/pandalabs-annual-report-2013.pdfGoogle Scholar
- S. Forrest, S. Hofmeyr, and A. Somayaji. "The evolution of system-call monitoring" Computer Security Applications Conference, 2008. ACSAC 2008. Annual. IEEE, 2008. Google ScholarDigital Library
- A. Amamra, C. Talhi, and J-M Robert. "Impact of Dataset Representation on Smartphone Malware Detection Performance" Trust Management VII. Springer Berlin Heidelberg, 2013. 166--176.Google Scholar
- H. Neminath, B. Santosh, and N. Sukumar. "Sequencegram: n-gram modeling of system calls for program based anomaly detection". In Communication Systems and Networks (COMSNETS), pp. 1--10, Jan 2011Google Scholar
- J. Guofei, Chen. Haifeng, C. Ungureanu, and K. Yoshihira. "Multi-resolution Abnormal Trace Detection Using Varied-length N-grams and Automata". International Conference on Autonomic Computing (ICAC 2005), pp. 111, 122, 13-16 June 2005 Google ScholarDigital Library
- N. Wang, J. Han, and J. Fang. "Anomaly Sequences Detection from Logs Based on Compression". arXiv preprint arXiv:1109.1729, 2011.Google Scholar
- J. Alakuijala and V. Lode. "Data compression using Zopfli". Tech. rep. Google Inc., Feb.Google Scholar
Index Terms
- On-device anomaly detection for resource-limited systems
Recommendations
SpotCheck: On-Device Anomaly Detection for Android
SIN 2020: 13th International Conference on Security of Information and NetworksIn recent years the PC has been replaced by mobile devices for many security sensitive operations, both from a privacy and a financial standpoint. While security mechanisms are deployed at various levels, these are frequently put under strain by ...
A Novel Hybrid Mobile Malware Detection System Integrating Anomaly Detection With Misuse Detection
MCS '15: Proceedings of the 6th International Workshop on Mobile Cloud Computing and ServicesAs the dominator of the Smartphone operating system market, Android has attracted the attention of malware authors and researchers alike. The number of Android malware is increasing rapidly regardless of the considerable number of proposed malware ...
Specification-based anomaly detection: a new approach for detecting network intrusions
CCS '02: Proceedings of the 9th ACM conference on Computer and communications securityUnlike signature or misuse based intrusion detection techniques, anomaly detection is capable of detecting novel attacks. However, the use of anomaly detection in practice is hampered by a high rate of false alarms. Specification-based techniques have ...
Comments