A fusion architecture for mobile threats detection

摘要

Mobile devices are an appealing target for network threats, due to their wide connectivity that expose them to several typologies of attacks. Besides specific security applications like mobile antiviruses installed into the devices, countermeasures can also be taken at the mobile operator side, where both a greater amount of computational capabilities and management information are available. A powerful method for threats detection can be obtained by integrating several pieces of information in order to reduce the false alarm and the miss detection rates with respect to a single detector. In our proposal, every single node implements a threat detector, based on the Maximum a Posteriori (MAP) criterion on the information it collects, and all the local decisions are gathered by a fusion center. Three different fusion strategies are compared, both in case of uncorrelated and correlated local detectors: (i) an optimal one based on the MAP rule, (ii) a majority voting rule having the merit of simplicity and turning out to achieve reasonable performances in the special case of independent detectors with comparable accuracies, (iii) an adaptive linear combiner followed by an hard limiter.