The best of both worlds: a framework for the synergistic operation of host and cloud anomaly-based IDS for smartphones

European Workshop on System Security Pub Date : 2014-04-13 DOI:10.1145/2592791.2592797

D. Damopoulos, G. Kambourakis, G. Portokalidis

{"title":"The best of both worlds: a framework for the synergistic operation of host and cloud anomaly-based IDS for smartphones","authors":"D. Damopoulos, G. Kambourakis, G. Portokalidis","doi":"10.1145/2592791.2592797","DOIUrl":null,"url":null,"abstract":"Smartphone ownership and usage has seen massive growth in the past years. As a result, their users have attracted unwanted attention from malicious entities and face many security challenges, including malware and privacy issues. This paper concentrates on IDS carefully designed to cater to the security needs of modern mobile platforms. Two main research issues are tackled: (a) the definition of an architecture which can be used towards implementing and deploying such a system in a dual-mode (host/cloud) manner and irrespectively of the underlying platform, and (b) the evaluation of a proof-of-concept anomaly-based IDS implementation that incorporates dissimilar detection features, with the aim to assess its performance qualities when running on state-of-the-art mobile hardware on the host device and on the cloud. This approach allows us to argue in favor of a hybrid host/cloud IDS arrangement (as it assembles the best characteristics of both worlds) and to provide quantitative evaluation facts on if and in which cases machine learning-driven detection is affordable when executed on-device.","PeriodicalId":302603,"journal":{"name":"European Workshop on System Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Workshop on System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2592791.2592797","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 47

Abstract

Smartphone ownership and usage has seen massive growth in the past years. As a result, their users have attracted unwanted attention from malicious entities and face many security challenges, including malware and privacy issues. This paper concentrates on IDS carefully designed to cater to the security needs of modern mobile platforms. Two main research issues are tackled: (a) the definition of an architecture which can be used towards implementing and deploying such a system in a dual-mode (host/cloud) manner and irrespectively of the underlying platform, and (b) the evaluation of a proof-of-concept anomaly-based IDS implementation that incorporates dissimilar detection features, with the aim to assess its performance qualities when running on state-of-the-art mobile hardware on the host device and on the cloud. This approach allows us to argue in favor of a hybrid host/cloud IDS arrangement (as it assembles the best characteristics of both worlds) and to provide quantitative evaluation facts on if and in which cases machine learning-driven detection is affordable when executed on-device.

查看原文本刊更多论文

两全其美:智能手机主机和基于云异常的IDS协同操作的框架

过去几年，智能手机的拥有量和使用量大幅增长。因此，它们的用户吸引了恶意实体不必要的关注，并面临许多安全挑战，包括恶意软件和隐私问题。本文重点介绍了为满足现代移动平台的安全需求而精心设计的入侵检测系统。本文解决了两个主要的研究问题:(a)可用于以双模式(主机/云)方式实现和部署这样一个系统的架构的定义，而与底层平台无关;(b)对包含不同检测功能的基于概念验证的基于异常的IDS实现进行评估，目的是评估其在主机设备和云上最先进的移动硬件上运行时的性能质量。这种方法使我们能够支持混合主机/云IDS安排(因为它汇集了两个世界的最佳特征)，并提供定量评估事实，说明机器学习驱动的检测在设备上执行时是否以及在哪些情况下是负担得起的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

European Workshop on System Security

自引率

0.00%

发文量