ADroid: anomaly-based detection of malicious events in Android platforms
-
A. Ruiz-Heras; Pedro García-Teodoro; Leovigildo Sánchez Casado
- Abstract:
- As mobile devices become more and more adopted by users for daily personal and professional activities, associated security risks and impact to them also increase. Although there are a number of proposals aimed at fighting against such incidents, the topic still remains challenging. This paper presents ADroid, a novel security tool for Android platforms with three main distinguishing characteristics. First, three groups of features are monitored over time: interfaces usage, application-related and communication-related features. Second, a lightweight anomaly-based detection procedure is performed over these features in order to determine the occurrence of unexpected abnormal activities. Third, the user can also create specific white/black lists to indicate in an easy way certain allowed/undesired activities which, if so, should trigger an alarm by the supervision system. ADroid has been implemented in a real environment and evaluated through experimentation. The detection accuracy exhibited and the resources consumption involved in its operation show the goodness and promising capabilities of the system.
- Research areas:
- Year:
- 2016
- Type of Publication:
- Article
- Keywords:
- Anomaly detection, Behavior, Malicious event, Malware, Mobile device, Security
- Journal:
- International Journal of Information Security
- Month:
- June
- DOI:
- 10.1007/s10207-016-0333-1