HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android
Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connecti...
Main Authors: | Jose Ribeiro, Firooz B. Saghezchi, Georgios Mantas, Jonathan Rodriguez, Raed A. Abd-Alhameed |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8970345/ |
id |
doaj-dd79056e5311442c896d6935f3b85404 |
---|---|
record_format |
Article |
spelling |
doaj-dd79056e5311442c896d6935f3b85404; 2021-03-30T01:16:17Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 23154; 23168; 10.1109/ACCESS.2020.2969626; 8970345
HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android
Jose Ribeiro [0] https://orcid.org/0000-0002-6526-7334; Firooz B. Saghezchi [1] https://orcid.org/0000-0002-7429-2144; Georgios Mantas [2] https://orcid.org/0000-0002-8074-0417; Jonathan Rodriguez [3] https://orcid.org/0000-0001-9829-0955; Raed A. Abd-Alhameed [4] https://orcid.org/0000-0003-2972-9965
[0] Instituto de Telecomunicações, Aveiro, Portugal; [1] Instituto de Telecomunicações, Aveiro, Portugal; [2] Instituto de Telecomunicações, Aveiro, Portugal; [3] Instituto de Telecomunicações, Aveiro, Portugal; [4] Department of Engineering and Informatics, University of Bradford, Bradford, U.K.
Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03.
https://ieeexplore.ieee.org/document/8970345/
Android; security and privacy; intrusion detection and prevention system (IDPS); anomaly detection; malware detection; behavior analysis |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Jose Ribeiro; Firooz B. Saghezchi; Georgios Mantas; Jonathan Rodriguez; Raed A. Abd-Alhameed |
title |
HIDROID: Prototyping a Behavioral Host-Based Intrusion Detection and Prevention System for Android |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03. |
topic |
Android; security and privacy; intrusion detection and prevention system (IDPS); anomaly detection; malware detection; behavior analysis |
url |
https://ieeexplore.ieee.org/document/8970345/ |