NESG

Icono Icono

Icono Icono

ADroid: anomaly-based detection of malicious events in Android platforms

A. Ruiz-Heras; Pedro García-Teodoro; Leovigildo Sánchez Casado
Abstract:
As mobile devices become more and more adopted by users for daily personal and professional activities, associated security risks and impact to them also increase. Although there are a number of proposals aimed at fighting against such incidents, the topic still remains challenging. This paper presents ADroid, a novel security tool for Android platforms with three main distinguishing characteristics. First, three groups of features are monitored over time: interfaces usage, application-related and communication-related features. Second, a light weight anomaly-based detection procedure is performed over these features in order to determine the occurrence of unexpected abnormal activities. Third, the user can also create specific white/black lists to indicate in an easy way certain allowed/undesired activities which, if so, should trigger an alarm by the supervision system. ADroid has been implemented in a real environment and evaluated through experimentation. The detection accuracy exhibited and there sources consumption involved in its operation show the goodness and promising capabilities of the system.
Research areas:
Year:
2016
Type of Publication:
Article
Keywords:
Anomaly detection, Behavior, Malicious event, Malware, Mobile device, Security
Journal:
International Journal of Information Security
Month:
June
DOI:
10.1007/s10207-016-0333-1
Hits: 4393