Although mobile devices are globally omnipresent, security developments for these devices have not kept pace with their technological advancements. Thus, mobile devices are increasingly vulnerable to intrusions and malicious attacks. Gibraltar combats these growing threats by monitoring demands placed on battery current (mA) as well as correlating power and event activities, such as processes, open ports, and registry keys. This combination serves as an early warning tripwire-like sensor for mobile hosts, blocking as well as identifying attacks. The end state for Gibraltar is to provide a totally host-based proactive form of intrusion detection systems (IDS) that can be easily integrated into current network IDS to provide an enhancement in detecting, alerting and responding to various intrusions. This paper outlines the design, test, and build methodologies used to resolve attack-sensing and warning problems and discusses lessons learned.
展开▼
