An Autonomous Host-Based Intrusion Detection System for Android Mobile Devices

Mobile Networks and Applications

Abstract

An Intrusion Detection System (IDS) is crucial for protecting smartphones from imminent security breaches and ensuring user privacy. Android is the most popular mobile Operating System (OS), holding above 85% market share. The traffic generated by smartphones is expected to exceed that generated by personal computers by 2021. Consequently, this prevalent mobile OS will remain one of the most attractive targets for potential attacks on fifth generation mobile networks (5G). Although Android malware detection has received considerable attention, the solutions offered mostly rely either on performing resource-intensive analysis on a server, assuming a continuous connection between the device and the server, or on employing supervised Machine Learning (ML) algorithms for profiling the malware’s behaviour, which require a training dataset consisting of thousands of examples from both benign and malicious profiles. In practice, however, collecting malicious examples is tedious, since it entails infecting the device and collecting thousands of samples in order to characterise the malware’s behaviour, and the labelling has to be done manually. In this paper, we propose a novel Host-based IDS (HIDS) incorporating statistical and semi-supervised ML algorithms. The advantage of our proposed IDS is twofold. First, it is wholly autonomous and runs on the mobile device, without needing any connection to a server. Second, it requires only benign examples for tuning, with potentially a few malicious ones. The evaluation results show that the proposed IDS achieves a very promising accuracy of above 0.9983, reaching up to 1.
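The tuning scheme the abstract describes (a profile built from benign examples only, with a few malicious ones used to set the decision point) can be sketched as follows. This is an added example, not the paper's code: the abstract names neither the algorithm nor the features, so the per-feature Gaussian density model, the F1-based threshold choice, the two feature names and all sample values are assumptions constructed for illustration.

```python
import math

# Constructed samples: (cpu_percent, kb_sent_per_min) -- hypothetical features.
BENIGN = [(10, 100), (12, 110), (11, 95), (9, 105),
          (13, 90), (10, 100), (11, 108), (12, 92)]
# Small labelled tuning set: (sample, is_malicious). Only two malicious examples.
VALIDATION = [((11, 102), False), ((9, 93), False), ((13, 109), False),
              ((35, 600), True), ((14, 400), True)]

def fit_benign(samples):
    """Estimate per-feature mean and variance from benign samples only."""
    n, dims = len(samples), len(samples[0])
    mean = [sum(s[j] for s in samples) / n for j in range(dims)]
    var = [max(sum((s[j] - mean[j]) ** 2 for s in samples) / n, 1e-9)
           for j in range(dims)]
    return mean, var

def log_density(x, model):
    """Log-likelihood of x under independent per-feature Gaussians."""
    mean, var = model
    return sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
               for xi, m, v in zip(x, mean, var))

def tune_threshold(model, labelled):
    """Pick the log-density cut-off that maximises F1 on the labelled set."""
    scored = [(log_density(x, model), y) for x, y in labelled]
    levels = sorted({s for s, _ in scored})
    best_f1, best_t = -1.0, levels[0]
    for lo, hi in zip(levels, levels[1:]):
        t = (lo + hi) / 2                      # candidate between two scores
        tp = sum(1 for s, y in scored if s < t and y)
        fp = sum(1 for s, y in scored if s < t and not y)
        fn = sum(1 for s, y in scored if s >= t and y)
        f1 = 2 * tp / (2 * tp + fp + fn) if tp else 0.0
        if f1 > best_f1:
            best_f1, best_t = f1, t
    return best_t, best_f1

MODEL = fit_benign(BENIGN)
THRESHOLD, F1 = tune_threshold(MODEL, VALIDATION)

def is_anomalous(sample):
    """Flag a sample whose density under the benign profile is below the cut-off."""
    return log_density(sample, MODEL) < THRESHOLD

if __name__ == "__main__":
    for s in [(11, 100), (12, 105), (40, 900)]:
        print(s, "ANOMALY" if is_anomalous(s) else "ok")
```

With only two malicious samples the chosen cut-off sits far from the benign cluster, so moderate deviations pass unflagged; a detector tuned this way is only as sensitive as its few labelled examples allow.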

Acknowledgements

José Ribeiro would like to acknowledge his PhD grant funded by the Fundação para a Ciência e Tecnologia (FCT-Portugal) with reference SFRH/BD/112755/2015. This work is supported by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Centre (CENTRO 2020) of the Portugal 2020 framework [Project MOBITRUST with Nr. 003343 (CENTRO-01-0247-FEDER-003343)].

Author information

Corresponding author

Correspondence to José Ribeiro.

About this article

Cite this article

Ribeiro, J., Saghezchi, F.B., Mantas, G. et al. An Autonomous Host-Based Intrusion Detection System for Android Mobile Devices. Mobile Netw Appl 25, 164–172 (2020). https://doi.org/10.1007/s11036-019-01220-y

  • DOI: https://doi.org/10.1007/s11036-019-01220-y
