ADroid: anomaly-based detection of malicious events in Android platforms

摘要

As mobile devices become more and more adopted by users for daily personal and professional activities, associated security risks and impact to them also increase. Although there are a number of proposals aimed at fighting against such incidents, the topic still remains challenging. This paper presents ADroid, a novel security tool for Android platforms with three main distinguishing characteristics. First, three groups of features are monitored over time: interfaces usage, application-related and communication-related features. Second, a lightweight anomaly-based detection procedure is performed over these features in order to determine the occurrence of unexpected abnormal activities. Third, the user can also create specific white/black lists to indicate in an easy way certain allowed/undesired activities which, if so, should trigger an alarm by the supervision system. ADroid has been implemented in a real environment and evaluated through experimentation. The detection accuracy exhibited and the resources consumption involved in its operation show the goodness and promising capabilities of the system.