Skip navigation

HIDROID: prototyping a behavioral host-based intrusion detection and prevention system for android

HIDROID: prototyping a behavioral host-based intrusion detection and prevention system for android

Ribeiro, Jose ORCID: 0000-0002-6526-7334, Saghezchi, Firooz B. ORCID: 0000-0002-7429-2144, Mantas, Georgios ORCID: 0000-0002-8074-0417, Rodriguez, Jonathan ORCID: 0000-0001-9829-0955 and Abd-Alhameed, Raed A. ORCID: 0000-0003-2972-9965 (2020) HIDROID: prototyping a behavioral host-based intrusion detection and prevention system for android. IEEE Access, 8. pp. 23154-23168. ISSN 2169-3536 (Online) (doi:https://doi.org/10.1109/ACCESS.2020.2969626)

[img]
Preview
PDF (Open Access Article)
27697 MANTAS_HIDROID_Prototyping_A_Behavioral_Host-based_Intrusion_Detection_(OA)_2020.pdf - Published Version
Available under License Creative Commons Attribution.

Download (7MB) | Preview

Abstract

Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03.

Item Type: Article
Uncontrolled Keywords: android, security and privacy, intrusion detection and prevention system (IDPS), anomalydetection, malware detection, behavior analysis, machine learning, prototype development
Subjects: T Technology > TA Engineering (General). Civil engineering (General)
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Engineering (ENG)
Last Modified: 19 Sep 2020 00:20
URI: http://gala.gre.ac.uk/id/eprint/27697

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics