Lightweight intrusion detection for mobile devices. (c2012)

Abstract

Current mobile devices are capable of providing connectivity anytime anywhere while supporting multitude of services and applications. This luxury of all-time connectivity makes mobile devices targets for a wide range of security attacks. Malware can be deployed to steal private data stored on the mobile device such as text messages, call history, photos, emails and others. More serious attacks may occur where malware initiates communication rather than just access stored information. In this thesis, we design and implement a lightweight malware detection technique that appropriately suits resource-constrained mobile devices in terms of low storage and computational requirements. The proposed technique utilizes several user parameters (such as SMS and call activity) and system parameters (such as CPU and memory utilization) over a period of time to model the activity profile of the mobile user rather than storing and checking a large number of abnormal behaviors (such as signatures of possible attacks). These parameters are continuously adapted based on the user behavior. Any violation to the constructed user profile will issue an alert for a potential security threat. We implemented and tested the proposed technique on Android mobile devices with several possible attacks. Results demonstrated its capabilities in terms of high malware detection success rate in addition to low storage and computational requirements.