Conference: 2016 International Conference on Computing, Analytics and Security Trends

Protego: A passive intrusion detection system for Android smartphones


Abstract

With the proliferation of smartphones, the security threats have correspondingly increased. Although some form of security mechanisms like authentication and encryption have been provided on platforms such as Android, these alone cannot mitigate all the forms of threats. Thus, the need for an intrusion detection system for smartphones has become immensely important. In this project, we capitalize on earlier approaches of host-based intrusion detection systems and behavior-based intrusion detection systems for Android smartphones to design and implement a host-based, behavior-based passive intrusion detection system, Protego, for Android smartphones. There are two versions - static and dynamic, each with its own novel approach. The static version of Protego improves predictive performance by implementing feature reduction, thus increasing classifier accuracy significantly. The novelty of the dynamic approach is that it analyzes live traffic with a minimum delay (in the order of milliseconds). This opens up a variety of use cases for our system, especially in the business world where information security on smartphones is of utmost importance. We have illustrated this by also extending Protego to devise a solution for BYOD (bring your own device), a growing trend in the corporate world, by using the IDS to detect other malicious activities like peer-to-peer traffic from torrent clients.
