In this paper, a new approach for detecting previously unencountered malware targeting mobile devices is proposed. In the proposed approach, time-stamped security data is continuously monitored within the target mobile device (i.e., smartphones, PDAs) and then processed by the knowledge-based temporal abstraction (KBTA) methodology. Using KBTA, continuously measured data (e.g., the number of sent SMSs) and events (e.g., software installation) are integrated with a mobile device security domain knowledge-base (i.e., an ontology for abstracting meaningful patterns from raw, time-oriented security data) to create higher-level, time-oriented concepts and patterns, also known as temporal abstractions. Automatically generated temporal abstractions are then monitored to detect suspicious temporal patterns and to issue an alert. These patterns are compatible with a set of predefined classes of malware as defined by a security expert (or the owner) employing a set of time and value constraints. The goal is to identify malicious behavior that other defensive technologies (e.g., antivirus or firewall) failed to detect. Since the abstraction derivation process is complex, the KBTA method was adapted for mobile devices that are limited in resources (i.e., CPU, memory, battery). To evaluate the proposed modified KBTA method, a lightweight host-based intrusion detection system (HIDS), combined with central management capabilities for Android-based mobile phones, was developed. Evaluation results demonstrated the effectiveness of the new approach in detecting malicious applications on mobile devices (detection rate above 94% in most scenarios) and the feasibility of running such a system on mobile devices (CPU consumption was 3% on average).
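The abstraction-then-pattern flow described above can be illustrated with a small sketch. This is an added example, not code from the paper or its HIDS: raw SMS counts are abstracted into LOW/HIGH state intervals, and a pattern with time and value constraints is matched against a software installation event. The concept names, thresholds and sample data are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

# Constructed sample input: (minute, SMSs sent in that minute) and raw events.
SMS_SAMPLES = [(0, 0), (1, 1), (2, 0), (3, 0), (4, 6), (5, 7), (6, 9), (7, 8), (8, 0)]
EVENTS = [(3, "software_installation")]

# Assumed knowledge-base entries (hypothetical values, not from the paper).
HIGH_SMS_PER_MIN = 5          # value constraint defining the HIGH state
MAX_GAP_MIN = 1               # larger gaps between samples break an interval
MIN_HIGH_DURATION = 3         # time constraint: HIGH must last this many minutes
MAX_DELAY_AFTER_INSTALL = 5   # time constraint: HIGH must start this soon after install

@dataclass(frozen=True)
class Interval:
    concept: str
    value: str
    start: int
    end: int

def abstract_states(samples):
    """State abstraction: classify each raw value, then merge adjacent
    samples with the same state into one time interval."""
    intervals = []
    for t, v in sorted(samples):
        state = "HIGH" if v >= HIGH_SMS_PER_MIN else "LOW"
        last = intervals[-1] if intervals else None
        if last and last.value == state and t - last.end <= MAX_GAP_MIN:
            intervals[-1] = Interval(last.concept, state, last.start, t)
        else:
            intervals.append(Interval("sms_rate", state, t, t))
    return intervals

def match_pattern(intervals, events):
    """Pattern: an installation event followed, within the allowed delay,
    by a sustained HIGH sms_rate interval. Returns (event_time, interval)."""
    alerts = []
    for t_ev, name in events:
        if name != "software_installation":
            continue
        for iv in intervals:
            delay = iv.start - t_ev
            duration = iv.end - iv.start + 1  # each sample covers one minute
            if (iv.value == "HIGH" and 0 <= delay <= MAX_DELAY_AFTER_INSTALL
                    and duration >= MIN_HIGH_DURATION):
                alerts.append((t_ev, iv))
    return alerts

if __name__ == "__main__":
    for t_ev, iv in match_pattern(abstract_states(SMS_SAMPLES), EVENTS):
        print(f"ALERT: install at t={t_ev}, then {iv.value} {iv.concept} [{iv.start},{iv.end}]")
```

Matching on intervals rather than raw samples is what lets a single short SMS burst, or a burst unrelated to any installation, pass without an alert.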