A Survey on Security for Mobile Devices

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach

MBotCS: A mobile botnet detection system based on machine learning

As the use of mobile devices spreads dramatically, hackers have started making use of mobile botnets to steal user information or perform other malicious attacks. To address this problem, in this paper we propose a mobile botnet detection system, called MBotCS. MBotCS can detect mobile device traffic indicative of the presence of a mobile botnet based on prior training using machine learning techniques. Our approach has been evaluated using real mobile device traffic captured from Android mobile devices, running normal apps and mobile botnets. In the evaluation, we investigated the use of 5 machine learning classifier algorithms and a group of machine learning box algorithms with different validation schemes. We have also evaluated the effect of our approach with respect to its effect on the overall performance and battery consumption of mobile devices

SmartMal: A Service-Oriented Behavioral Malware Detection Framework for Mobile Devices

This paper presents SmartMal—a novel service-oriented behavioral malware detection framework for vehicular and mobile devices. The highlight of SmartMal is to introduce service-oriented architecture (SOA) concepts and behavior analysis into the malware detection paradigms. The proposed framework relies on client-server architecture, the client continuously extracts various features and transfers them to the server, and the server’s main task is to detect anomalies using state-of-art detection algorithms. Multiple distributed servers simultaneously analyze the feature vector using various detectors and information fusion is used to concatenate the results of detectors. We also propose a cycle-based statistical approach for mobile device anomaly detection. We accomplish this by analyzing the users’ regular usage patterns. Empirical results suggest that the proposed framework and novel anomaly detection algorithm are highly effective in detecting malware on Android devices

Response-based methods to measure road surface irregularity: a state-of-the-art review

"jats:sec" "jats:title"Purpose"/jats:title" "jats:p"With the development of smart technologies, Internet of Things and inexpensive onboard sensors, many response-based methods to evaluate road surface conditions have emerged in the recent decade. Various techniques and systems have been developed to measure road profiles and detect road anomalies for multiple purposes such as expedient maintenance of pavements and adaptive control of vehicle dynamics to improve ride comfort and ride handling. A holistic review of studies into modern response-based techniques for road pavement applications is found to be lacking. Herein, the focus of this article is threefold: to provide an overview of the state-of-the-art response-based methods, to highlight key differences between methods and thereby to propose key focus areas for future research."/jats:p" "/jats:sec" "jats:sec" "jats:title"Methods"/jats:title" "jats:p"Available articles regarding response-based methods to measure road surface condition were collected mainly from “Scopus” database and partially from “Google Scholar”. The search period is limited to the recent 15 years. Among the 130 reviewed documents, 37% are for road profile reconstruction, 39% for pothole detection and the remaining 24% for roughness index estimation."/jats:p" "/jats:sec" "jats:sec" "jats:title"Results"/jats:title" "jats:p"The results show that machine-learning techniques/data-driven methods have been used intensively with promising results but the disadvantages on data dependence have limited its application in some instances as compared to analytical/data processing methods. Recent algorithms to reconstruct/estimate road profiles are based mainly on passive suspension and quarter-vehicle-model, utilise fewer key parameters, being independent on speed variation and less computation for real-time/online applications. On the other hand, algorithms for pothole detection and road roughness index estimation are increasingly focusing on GPS accuracy, data aggregation and crowdsourcing platform for large-scale application. However, a novel and comprehensive system that is comparable to existing International Roughness Index and conventional Pavement Management System is still lacking."/jats:p" "/jats:sec Document type: Articl

Detection of repackaged mobile applications through a collaborative approach

none4noRepackaged applications are based on genuine applications, but they subtlety include some modifications. In particular, trojanized applications are one of the most dangerous threats for smartphones. Malware code may be hidden inside applications to access private data or to leak user credit. In this paper, we propose a contract-based approach to detect such repackaged applications, where a contract specifies the set of legal actions that can be performed by an application. Current methods to generate contracts lack information from real usage scenarios, thus being inaccurate and too coarse-grained. This may result either in generating too many false positives or in missing misbehaviors when verifying the compliance between the application and the contract. In the proposed framework, application contracts are generated dynamically by a central server merging execution traces collected and shared continuously by collaborative users executing the application. More precisely, quantitative information extracted from execution traces is used to define a contract describing the expected application behavior, which is deployed to the cooperating users. Then, every user can use the received contract to check whether the related application is either genuine or repackaged. Such a verification is based on an enforcement mechanism that monitors the application execution at run-time and compares it against the contract through statistical tests.openAlessandro Aldini; Fabio Martinelli; Andrea Saracino; Daniele SgandurraAldini, Alessandro; Fabio, Martinelli; Andrea, Saracino; Daniele, Sgandurr

Enforcing Application Security on Android Mobile Devices

Security in new generation mobile devices is currently a problem of capital importance. Smartphones and tablets have become extremely popular in the last years, especially in developed country where smartphones and tablets account for 95% of active mobile devices. Due to their popularity, these devices have fast drawn the attention of malicious developers. Attackers have started to implement and distribute applications able to harm user’s privacy, user’s money and even device and data integrity. Malicious developers have cleverly exploited the simplicity of app distribution, the sensitivity of information and operation accessible through mobile devices, together with the user limited attention to security issues. This thesis presents the study, design and implementation of a multi-component security framework for the popular Android operative system. The aim of this thesis is to provide a lightweight and user friendly security tool, extensible and modular, able to tackle current and future security threats on Android devices. The framework exploits white list-based methodologies to detect at runtime malicious behaviors of application, without being prone to the problem of zero-day-attacks (i.e. new threats not yet discovered by the community). The white-list approach is combined with a black-list security enforcement, to reduce the likelihood of false alarms and to tackle known misbehaviors before they effectively take place. Moreover the framework also combines static and dynamic analysis. It exploits probabilistic contract theory and app metadata to detect dangerous applications before they are installed (static analysis). Furthermore, detects and stop malicious kernel level events and API calls issued by applications at runtime (dynamic analysis), to avoid harm to user and her device. The framework is configurable and can be both totally transparent to the user, or have a stronger interaction when the user is more interested in a security awareness of her device. The presented security framework has been extensively tested against a testbed of more than 12000 applications including two large Android malware databases. Detection rate (95%) and false positive rate (1 per day) prove the effectiveness of the presented framework. Furthermore, a study of usability which includes energy evaluation and more than 200 user feedback is presented. These results show both the limited overhead (4% battery, 1.4% performance) imposed by the framework and the good user acceptance