Effective Reporting (ER) for Mobile Host-Based Security and Forensics

Abstract

A mobile device's intrusion protection system (IPS) is at odds with itself: it should run as often as necessary and remain transparent to the system and the users; however, it should use as little system resources as possible to detect, report and prevent intrusions. By creating a forensics report that regularly monitors demands placed on battery current (mA) as well as correlating power and event activities, such as processes, open ports, and registry keys, a mobile host-based form of intrusion protection can be easily integrated into virtually any network intrusion detection system (IDS.) This paper outlines a novel design, test and build methodology to generate an effective security profile and an efficient bit-vector reporting format, to provide an enhancement in detecting, alerting and responding to various misuse conditions.