A Specification Based Intrusion Detection Framework for Mobile Phones

Abstract: Abstract. With the fast growth of mobile market, we are now seeing more and more malware on mobile phones. One common pattern of many commonly found malware on mobile phones is that: the malware always attempts to access sensitive system services on the mobile phone in an unobtrusive and stealthy fashion. For example, the malware may send messages automatically or stealthily interface with the audio peripherals on the device without the user's awareness and authorization. To detect the unauthorized malicious b… Show more

“…The most closely related work to ours is the one proposed in [11]. It shares similar philosophy as ours.…”

“…This is because the pickpocket malware gets activated by user's playing the tictac-toe game, which already involves touch screen activity that can generate hardware interrupts. The difference between [11] and our work can be summarized as follows. [11] attempts to check whether there is (any) user activity whereas our goal is to check whether there is a special user-aware activity.…”

“…The difference between [11] and our work can be summarized as follows. [11] attempts to check whether there is (any) user activity whereas our goal is to check whether there is a special user-aware activity. So our approach provides more fine-grained access control to sensitive services and thus can detect even sophisticated malware.…”

“…It shares similar philosophy as ours. It utilizes whether there are hardware interruptions to differentiate pure software initiated action and human initiated action [11]. It aims at detecting malware specifically targeting SMS and audio services.…”

Tap-Wave-Rub: Lightweight Human Interaction Approach to Curb Emerging Smartphone Malware

“…The most closely related work to ours is the one proposed in [11]. It shares similar philosophy as ours.…”

“…This is because the pickpocket malware gets activated by user's playing the tictac-toe game, which already involves touch screen activity that can generate hardware interrupts. The difference between [11] and our work can be summarized as follows. [11] attempts to check whether there is (any) user activity whereas our goal is to check whether there is a special user-aware activity.…”

“…The difference between [11] and our work can be summarized as follows. [11] attempts to check whether there is (any) user activity whereas our goal is to check whether there is a special user-aware activity. So our approach provides more fine-grained access control to sensitive services and thus can detect even sophisticated malware.…”

“…It shares similar philosophy as ours. It utilizes whether there are hardware interruptions to differentiate pure software initiated action and human initiated action [11]. It aims at detecting malware specifically targeting SMS and audio services.…”

Tap-Wave-Rub: Lightweight Human Interaction Approach to Curb Emerging Smartphone Malware

“…Furthermore, specification-based IDSs were developed for specific use cases both for network-based (e.g., VoIP technologies [100], carrier Ethernet [101]) and host-based security (e.g., kernel dynamic data structures [102], mobile operating systems [103]). …”

Intrusion detection in networked control systems : from system knowledge to network security

Malware Forensics: Legacy Solutions, Recent Advances, and Future Challenges