ADroid: Anomaly-based Detection of Malicious Events in Android Platforms

A. Ruiz-Heras, P. García Teodoro, L. Sánchez-Casado

Network Engineering & Security Group (NESG - http://nesg.ugr.es)
UGR Cyber Security Group (UCyS - http://ucys.ugr.es)
Universidad de Granada

Contents

1. Context
2. Objective
3. ADroid
4. Experimental results
5. Conclusions

PGT NESG/UCyS - UGR 2017

Acknowledgements: ADroid: Anomaly-based Detection of Malicious Events in Android Platforms -- Int. Journal of Information Security, pp. 1-14, 2016 --
1. Context

Mobile malware evolution (figure; source: Sophos)

Worldwide impact; OS (figures; source: Kaspersky)

Hacked device: anatomy and effects (figure)

Available security software: Network Log, OS Monitor, CONAN Mobile (screenshots)

Available software (figure; source: Suárez-Tangil)

2. Objective

Objective: design, implementation, deployment and evaluation of a low-cost, low-complexity anomaly detection system (plus signatures) for use on Android platforms.


3. ADroid

ADroid: anomaly detection (vs. signatures)

Architecture diagram components: Profiles/rules (manual); Monitor (auto) of Interfaces, Apps and Comms; Traces; Analysis/detection (lightweight); Alarm; Visualization; Action.

Device monitoring: $s_t = \langle i_t, a_t, c_t \rangle$

- Interface: $i_t = (i_{t1}, i_{t2}, \ldots, i_{tL})$, where $i_{tk} = 0$ or $1$
- App: $a_t = \langle a_{t1}, a_{t2}, \ldots, a_{tM} \rangle$, with $a_{tk} = (n_{tk}, p_{tk1}, \ldots, p_{tkP})$
- Comm: $c_t = \langle c_{t1}, c_{t2}, \ldots, c_{tN} \rangle$, where $c_{tk} = (\mathit{ap}_{tk}, \mathit{dip}_{tk}, \mathit{dport}_{tk}, \mathit{bt}_{tk}, \mathit{br}_{tk}, \mathit{dr}_{tk}, \mathit{st}_{tk})$ or $c_{tk} = (\mathit{ph}_{tk}, \mathit{dp}_{tk})$

$\mathit{VS} = \langle \mathit{VS}_i, \mathit{VS}_a, \mathit{VS}_c \rangle$
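As an added illustration (not code from the paper or the ADroid implementation), the state vector $s_t = \langle i_t, a_t, c_t \rangle$ from the slide modelled in Python, with one sample compared against a baseline profile. The meanings of the comm fields (ap, dip, dport, bt, br, dr, st), the profile shape and the deviation rules are assumptions, not ADroid's published procedure.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:  # a_tk = (n_tk, p_tk1, ..., p_tkP): app name plus its permissions
    name: str
    perms: frozenset

@dataclass(frozen=True)
class NetComm:  # c_tk = (ap, dip, dport, bt, br, dr, st); field meanings assumed
    ap: str      # originating app
    dip: str     # destination IP
    dport: int   # destination port
    bt: int      # bytes transmitted
    br: int      # bytes received
    dr: float    # duration
    st: float    # start time

@dataclass(frozen=True)
class State:  # s_t = <i_t, a_t, c_t>
    ifaces: tuple  # i_t = (i_t1, ..., i_tL), each 0 or 1
    apps: tuple    # a_t = <a_t1, ..., a_tM>
    comms: tuple   # c_t = <c_t1, ..., c_tN>

def deviations(state, profile):
    """Deviations of one s_t from a baseline profile (assumed shape: {"ifaces": tuple,
    "apps": {name: frozenset}, "ports": set}); illustrative rules, not ADroid's."""
    out = []
    if state.ifaces != profile["ifaces"]:
        out.append(("iface_change", state.ifaces))
    for app in state.apps:
        known = profile["apps"].get(app.name)
        if known is None:
            out.append(("new_app", app.name))
        elif app.perms - known:
            out.append(("new_perms", app.name, sorted(app.perms - known)))
    installed = {a.name for a in state.apps}
    for c in state.comms:
        if c.ap not in installed:
            out.append(("unknown_origin", c.ap))
        if c.dport not in profile["ports"]:
            out.append(("new_port", c.ap, c.dport))
    return out
# Constructed sample: "cam" gained a permission and talks to an unprofiled port.
PROFILE = {"ifaces": (1, 0, 0), "ports": {80, 443},
           "apps": {"mail": frozenset({"INTERNET"}), "cam": frozenset({"CAMERA"})}}
SAMPLE = State((1, 0, 0),
               (App("mail", frozenset({"INTERNET"})), App("cam", frozenset({"CAMERA", "INTERNET"}))),
               (NetComm("mail", "203.0.113.5", 443, 1200, 8000, 2.0, 100.0),
                NetComm("cam", "203.0.113.9", 8080, 512, 64, 0.5, 101.0)))
```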
Interfaces, Apps, Comms (screenshots)

ADroid detection process (figure)

ADroid main and detection windows (screenshots)


4. Experimental results

Databases:
- Goodware: 240 (Google Play)
- Malware: 480 (contagio)

Detection results:
- Test device: Cubot GT99, 1GB, 1.2GHz, core duo

Fig. 10 FPR evolution for different successive detection experiments. (figure)


5. Conclusions

- Lightweight anomaly detection
- Android devices
- Complement with collaborative schemes