Design and implementation of an Android host-based intrusion prevention system

Proceedings of the 30th Annual Computer Security Applications Conference Pub Date : 2014-12-08 DOI:10.1145/2664243.2664245

Mingshen Sun, Min Zheng, John C.S. Lui, Xuxian Jiang

{"title":"Design and implementation of an Android host-based intrusion prevention system","authors":"Mingshen Sun, Min Zheng, John C.S. Lui, Xuxian Jiang","doi":"10.1145/2664243.2664245","DOIUrl":null,"url":null,"abstract":"Android has a dominating share in the mobile market and there is a significant rise of mobile malware targeting Android devices. Android malware accounted for 97% of all mobile threats in 2013 [26]. To protect smartphones and prevent privacy leakage, companies have implemented various host-based intrusion prevention systems (HIPS) on their Android devices. In this paper, we first analyze the implementations, strengths and weaknesses of three popular HIPS architectures. We demonstrate a severe loophole and weakness of an existing popular HIPS product in which hackers can readily exploit. Then we present a design and implementation of a secure and extensible HIPS platform---\"Patronus.\" Patronus not only provides intrusion prevention without the need to modify the Android system, it can also dynamically detect existing malware based on runtime information. We propose a two-phase dynamic detection algorithm for detecting running malware. Our experiments show that Patronus can prevent the intrusive behaviors efficiently and detect malware accurately with a very low performance overhead and power consumption.","PeriodicalId":104443,"journal":{"name":"Proceedings of the 30th Annual Computer Security Applications Conference","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 30th Annual Computer Security Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2664243.2664245","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 44

Abstract

Android has a dominating share in the mobile market and there is a significant rise of mobile malware targeting Android devices. Android malware accounted for 97% of all mobile threats in 2013 [26]. To protect smartphones and prevent privacy leakage, companies have implemented various host-based intrusion prevention systems (HIPS) on their Android devices. In this paper, we first analyze the implementations, strengths and weaknesses of three popular HIPS architectures. We demonstrate a severe loophole and weakness of an existing popular HIPS product in which hackers can readily exploit. Then we present a design and implementation of a secure and extensible HIPS platform---"Patronus." Patronus not only provides intrusion prevention without the need to modify the Android system, it can also dynamically detect existing malware based on runtime information. We propose a two-phase dynamic detection algorithm for detecting running malware. Our experiments show that Patronus can prevent the intrusive behaviors efficiently and detect malware accurately with a very low performance overhead and power consumption.

查看原文本刊更多论文

基于Android主机的入侵防御系统的设计与实现

Android在移动市场占据主导地位，针对Android设备的移动恶意软件数量显著上升。2013年，Android恶意软件占所有移动威胁的97%[26]。为了保护智能手机和防止隐私泄露，许多公司已经在他们的Android设备上实施了各种基于主机的入侵防御系统(HIPS)。在本文中，我们首先分析了三种流行的HIPS架构的实现、优缺点。我们展示了现有流行的HIPS产品的一个严重漏洞和弱点，黑客可以很容易地利用它。然后，我们提出了一个安全的、可扩展的HIPS平台“Patronus”的设计和实现。光顾不仅提供入侵防御而无需修改Android系统，它还可以根据运行时信息动态检测存在的恶意软件。提出了一种两阶段动态检测算法，用于检测正在运行的恶意软件。实验结果表明，Patronus能够有效地阻止入侵行为，准确地检测出恶意软件，并且性能开销和功耗都很低。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 30th Annual Computer Security Applications Conference

自引率

0.00%

发文量