Towards a Hybrid Intrusion Detection System for Android-based PPDR Terminals

Authors

Abstract

Mobile devices are used for communication and
for tasks that are sensitive and subject to tampering. Indeed,
attacks can be performed on the users’ devices without user
awareness, this represents additional risk in mission critical
scenarios, such as Public Protection and Disaster Relief (PPDR).
Intrusion Detection Systems are important for scenarios where
information leakage is of crucial importance, since they allow
to detect possible attacks to information assets (e.g., installation
of malware), or can even compromise the security of PPDR
personnel. HyIDS is an Hybrid IDS for Android and supporting
the stringent security requirements of PPDR, by comprising
agents that continuously monitor mobile device and periodically
transmit the data to an analysis framework at the Command
Control Center (CCC). The data collection retrieves resource
usage metrics for each installed application such as CPU, memory
usage, and incoming and outgoing network traffic. At the CCC,
the HyIDS employs machine learning techniques to identify
patterns that are consistent with malware signatures based on
the data collected from the applications. The HyIDS’ evaluation
results demonstrate that the proposed solution has low impact
in the mobile device in terms of battery consumption and
CPU/memory usage.

Subject

Mobile Forensics, IDS

Conference

Integrated Network and Service Management (IM), May 2017

DOI