This research work presents the design and implementation of a host-based Intrusion
Detection and Prevention System (IDPS) called HIDROID (Host-based Intrusion
Detection and protection system for andROID) for Android smartphones. It runs
completely on the mobile device, with a minimal computation burden. It collects data in
real-time, periodically sampling features that reflect the overall utilisation of scarce
resources of a mobile device (e.g. CPU, memory, battery, bandwidth, etc.).
The Detection Engine of HIDROID adopts an anomaly-based approach by exploiting
statistical and machine learning algorithms. That is, it builds a data-driven model for
benign behaviour and looks for the outliers considered as suspicious activities. Any
observation failing to match this model triggers an alert and the preventive agent takes
proper countermeasure(s) to minimise the risk.
The key novel characteristic of the Detection Engine of HIDROID is the fact that it
requires no malicious data for training or tuning. In fact, the Detection Engine implements
the following two anomaly detection algorithms: a variation of K-Means algorithm with
only one cluster and the univariate Gaussian algorithm. Experimental test results on a
real device show that HIDROID is well able to learn and discriminate normal from
anomalous behaviour, demonstrating a very promising detection accuracy of up to 0.91,
while maintaining false positive rate below 0.03.
Finally, it is noteworthy to mention that to the best of our knowledge, publicly available
datasets representing benign and abnormal behaviour of Android smartphones do not
exist. Thus, in the context of this research work, two new datasets were generated in
order to evaluate HIDROID. / Fundação para a Ciência e Tecnologia (FCT-Portugal) with reference SFRH/BD/112755/2015,
European Regional Development Fund (FEDER), through the Competitiveness and Internationalization Operational Programme (COMPETE 2020),
Regional Operational Program of the Algarve (2020),
Fundação para a Ciência e Tecnologia; i-Five .: Extensão do acesso de espectro dinâmico para rádio 5G,
POCI-01-0145-FEDER-030500,
Instituto de telecomunicações, (IT-Portugal) as the host institution.
Identifer | oai:union.ndltd.org:BRADFORD/oai:bradscholars.brad.ac.uk:10454/18742 |
Date | January 2019 |
Creators | Ribeiro, José C.V.G. |
Contributors | Abd-Alhameed, Raed, Shepherd, Simon J., Mantas, G. |
Publisher | University of Bradford, School of Engineering, Design and Technology |
Source Sets | Bradford Scholars |
Language | English |
Detected Language | English |
Type | Thesis, doctoral, PhD |
Rights | <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-nd/3.0/88x31.png" /></a><br />The University of Bradford theses are licenced under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/">Creative Commons Licence</a>. |
Page generated in 0.0023 seconds