Abstract
Intrusion Detection System (IDS) is crucial to protect smartphones from imminent security breaches and ensure user privacy. Android is the most popular mobile Operating System (OS), holding above 85% market share. The traffic generated by smartphones is expected to exceed the one generated by personal computers by 2021. Consequently, this prevalent mobile OS will stay one of the most attractive targets for potential attacks on fifth generation mobile networks (5G). Although Android malware detection has received considerable attention, offered solutions mostly rely on performing resource intensive analysis on a server, assuming a continuous connection between the device and the server, or on employing supervised Machine Learning (ML) algorithms for profiling the malware’s behaviour, which essentially require a training dataset consisting of thousands of examples from both benign and malicious profiles. However, in practice, collecting malicious examples is tedious since it entails infecting the device and collecting thousands of samples in order to characterise the malware’s behaviour and the labelling has to be done manually. In this paper, we propose a novel Host-based IDS (HIDS) incorporating statistical and semi-supervised ML algorithms. The advantage of our proposed IDS is two folds. First, it is wholly autonomous and runs on the mobile device, without needing any connection to a server. Second, it requires only benign examples for tuning, with potentially a few malicious ones. The evaluation results show that the proposed IDS achieves a very promising accuracy of above 0.9983, reaching up to 1.
Similar content being viewed by others
References
Polla L, Martinelli F, Sgandurra D (2013) “A survey on security for Mobile devices,” communications surveys & tutorials. IEEE 15(1):446–471
Becher M, Freiling FC, Hoffmann J, Holtz T, Uellenbeck S, Wolf C (2011) “Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices,” In Security and Privacy (SP), pp. 96-111. IEEE
Mantas G, Komninos N, Rodriguez J, Logota E, Marques H (2015) “Security for 5G Communications,” Eds., John Wiley & sons, Ltd, Chichester, 207–220
Arabo A, Pranggono B (2013) “Mobile Malware and Smart Devices Security: Trends, Challenges and Solutions,” Control Systems and Computer (CSCS), 2013 19th International Conference, pp. (526–531). IEEE
Shabtai A, Kanonov U, Elovici Y, Glezer C, Weiss Y (2012) “Andromaly”: a behavioral malware detection framework for android devices. J Intell Inf Syst 38(1):161–190
Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: behavior-based malware detection system for android. In Proc. of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 15-26). ACM
Xu R, Saïdi H, Anderson R (2012) “Aurasium: Practical policy enforcement for Android applications,” in Proc. 21st USENIX Conf. Security Symp., USENIX Association
Borges P et al. (2017) "Towards a Hybrid Intrusion Detection System for Android-based PPDR terminals," 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon. 1034–1039
Ulltveit-Moe N, Oleshchuk VA, Koien GM (2011) Location-aware mobile intrusion detection with enhanced privacy in 5G context. Wirel Pers Commun 57(3):317–338
Huang D, Zhang X, Kang M, Luo J (2010) “MobiCloud: building secure cloud framework for mobile computing and communication,” In Service Oriented Sys-tem Engineering (SOSE), 2010 Fifth IEEE International Symposium. 27–34
Ribeiro JC, Mantas G, Saghezchi FB, Rodriguez J, Abd-Alhameed RA (2019) “Towards an Autonomous Host-based Intrusion Detection System for Android Mobile Devices”, V. Sucasas et al. (Eds.): BROADNETS 2018, LNICST 263
Andrew Ng, (2018). Machine Learning. Coursera, Stanford University, (Online). https://www.coursera.org/learn/machine-learning/lecture/V9MNG/problem-motivation
Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv (CSUR) 41(3):1–58
Acknowledgements
José Ribeiro would like to acknowledge his PhD grant funded by the Fundação para a Ciência e Tecnologia (FCT-Portugal) with reference SFRH/BD/112755/2015. This work is supported by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Centre (CENTRO 2020) of the Portugal 2020 framework [Project MOBITRUST with Nr. 003343 (CENTRO-01-0247-FEDER-003343)].
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Ribeiro, J., Saghezchi, F.B., Mantas, G. et al. An Autonomous Host-Based Intrusion Detection System for Android Mobile Devices. Mobile Netw Appl 25, 164–172 (2020). https://doi.org/10.1007/s11036-019-01220-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11036-019-01220-y