Behaviour based anomaly detection system for smartphones using machine learning algorithm

In this research, we propose a novel, platform independent behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied on the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted, to determine the profiling accuracy. In the first test, seven day smartphone usage data consisting of eight features and an observation interval of one hour was used and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out 10 user profiles were more than 95% accurate. The second test, utilised the entire dataset and achieved average accuracy of 44.50% to 95.48%. Not only these results are very promising in differentiating participants based on their usage, the implications of this research are far reaching as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System

Understanding the Root of Attack in Android Malware

With the rapid technology of mobile device and fast development of Android versions, Android malware has emerged and become a focus in current research. Security and privacy became the main issues in android malware. Therefore, it is essential to understand the behavior of Android malware in order to conceive an effective technique in malware detection and analysis. This article presents a comprehensive study regarding Android platform, its feature in android malware code and also discusses the result from previous study in order to support forward-looking in Android study

An Efficient Sieve Technique In Mobile Malware Detection

Proliferation of mobile devices in the market has radically changed the way people handle their daily life activities.Rapid growth of mobile device technology has enabled users to use mobile device for various purposes such as web browsing,ubiquitous services,social networking,MMS and many more.Nowadays,Google’s Android Operating System has become the most popular choice of operating system for mobile devices since Android is an open source and easy to use.This scenario has also ignited possibility of malicious programs to exploit mobile devices and consequently expose any sensitive transaction made by the user.A malware ability to quickly evolve has made mobile malware detection a more complex. Antivirus and signature based IDS require a constant signature database update to keep up with the new malware,thus exhausting a mobile device’s resources.Even though,an anomaly-based detection can overcome this matter,an anomaly detection still produces a high amount of false alarms.Therefore,this research aims to improve Mobile Malware Detection by improving the accuracy,True Positive and True Negative as well as minimizing the False Positive rate using an n-gram system call sequence approach and a sieve technique.This research analyses the behaviour and traces of mobile malware application activity dynamically as mobile malware is executed on a mobile platform.Analysis done on mobile malware activity shows behaviour and traces of benign and malicious mobile applications are able to be distinctively classified through invocation of system call to a kernel level system by a mobile application.However,an n-gram system call sequence generated by this approach can contribute to a large amount of logged features that can consume a mobile device’s memory and storage.Hence this research, introduces a sieve technique in Mobile Malware Detection process in order to search for an optimum set of n-gram system call.In order to evaluate the performance of the proposed approach Accuracy,True Positive Rate,True Negative Rate,False Positive Rate and Receiver Operating Characteristic curve are measured with dataset of mobile malware from Malware Gnome Project and benign mobile application from Google Play Store.The experiment finding indicates the 3-gram system call sequence is capable of improving Mobile Malware Detection performance in terms of accuracy as well as minimizing the false alert.Whereas the sieve technique is able to reduce number of ngram system call features and providing an optimize 3-gram system call sequence features.The outcome indicate that a Mobile Malware Detection using 3-gram system call sequence as features and sieve technique is able to be used in improving a Mobile Malware Detection in classifying the benign and malicious mobile applications. The evaluation and validation shows that a Mobile Malware Detection using 3-gram system call sequence with sieve technique improve the classification performance.As a conclusion the 3-gram system call sequence Mobile Malware Detection with sieve technique is capable of classifying the benign and malicious mobile application more accurately and at the same time minimizing the false alarm

Ensemble Method for Mobile Malware Detection using N-Gram Sequences of System Calls

Mobile device has become an essential tool among the community across the globe and has turned into a necessity in daily life. An extensive usage of mobile devices for everyday life tasks such as online banking, online shopping and exchanging e-mails has enable mobile devices to become data storage for users. The data stored in these mobile devices can contain sensitive and critical information to the users. Hence, making mobile devices as the prime target for cybercriminal. To date, Android based mobile devices is one of the mobile devices that are dominating the phone market. Moreover, the ease of use and open-source feature has made Android based mobile devices popular. However, the widely used Android mobile devices has encourage malware author to write malicious application. In a short duration of time mobile malware has rapidly evolve and have the capability to bypass signature detection approach which requires a constant signature update to detect mobile malware. To overcome this drawback an anomaly detection approach can be used to mitigate this issue. Yet, using a single classifier in an anomaly detection approach will not improve the classification detection performance. Based on this reason, this research formulates an ensemble classification method of different n-gram system call sequence features to improve the accuracy of mobile malware detection. This research proposes n-number of classifier models for each different n-gram sequence call feature. The probability output of each classifier is then combined to produce a better classification performance which is better compared to a single classifier

PIndroid: A novel Android malware detection system using ensemble learning methods

The extensive use of smartphones has been a major driving force behind a drastic increase of malware attacks. Covert techniques used by the malware make them hard to detect with signature based methods. In this paper, we present PIndroid – a novel Permissions and Intents based framework for identifying Android malware apps. To the best of our knowledge, PIndroid is the first solution that uses a combination of permissions and intents supplemented with Ensemble methods for accurate malware detection. The proposed approach, when applied to 1,745 real world applications, provides 99.8% accuracy (which is best reported to date). Empirical results suggest that the proposed framework is effective in detection of malware apps

Fog computing security: a review of current applications and security solutions

Fog computing is a new paradigm that extends the Cloud platform model by providing computing resources on the edges of a network. It can be described as a cloud-like platform having similar data, computation, storage and application services, but is fundamentally different in that it is decentralized. In addition, Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the Fog platform highly suitable for time and location-sensitive applications. For example, Internet of Things (IoT) devices are required to quickly process a large amount of data. This wide range of functionality driven applications intensifies many security issues regarding data, virtualization, segregation, network, malware and monitoring. This paper surveys existing literature on Fog computing applications to identify common security gaps. Similar technologies like Edge computing, Cloudlets and Micro-data centres have also been included to provide a holistic review process. The majority of Fog applications are motivated by the desire for functionality and end-user requirements, while the security aspects are often ignored or considered as an afterthought. This paper also determines the impact of those security issues and possible solutions, providing future security-relevant directions to those responsible for designing, developing, and maintaining Fog systems