Work-Flow. The following is the table of the performance comparison; Experiments were taken on Samsung Galaxy Y

Size: px

Start display at page:

Download "Work-Flow. The following is the table of the performance comparison; Experiments were taken on Samsung Galaxy Y"

Dorthy Stafford
7 years ago
Views:

1 Section one Work-Flow Studied and Performed experiments with three anti-virus (attackdetection) softwares namely AVG Anti-Virus Lookout Anti-Virus Bitdefender Anti-Virus The following is the table of the performance comparison; Experiments were taken on Samsung Galaxy Y No. of Apps Time Battery Power AVG mins 21.00% Lookout mins 35.00% Bitfinder mins 29.00% Perfromance Comparison Advantages : Easy to install on most of the phones Detect well known virus and trojans etc. Disadvantages : Can't detect zero-day attacks. Zero-day attack : It is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. Signature-Based : In such approach, new virus cannot be detected till we get the signature of that, which may need 48 hours or so atleast. So the device will be vulnerable to the attack atleast for 2 days. Can detect virus, trojans. But not able to protect the stealing of data. Slow and battery consuming.

2 Section Two For speeding up the process and saving battery, We can put the replica of the device on the remote server and can apply attack detection mechanism on the there. We studied the paper Paranoid Android: Versatile Protection For Smartphones for the same purpose. In this paper, the model is proposed to create the replica of the device on the server. This can be done with the help of a tracer application on the device and the replayer on the server. Advantages : By following this model, we can save battery power as well as we can save time. The device has too many constraints as compare to the server, so we can apply more attack detection mechanism which cannot be supported on device. Disadvantages : First three disadvantages of Section one holds

3 Section Three For removing the the first two disadvantages, We need a behaviorbased approach to detect the malware. In behavior-based appraoch, some machine learning techniques are applied to the training data and check whether the behavior of the system is normal or malicious. We studied the following papers based on this approach Crowdroid : Behavior-Based Malware Detection System for Android Andromaly : a behavioral malware detection framework for android devices Both the paper follow the method of K-mean Clustering We are studying the K-mean algorithm as it has its own advantages and disadvantages We also read a very similar paper Permission-Based Android Malware Detection In this paper also, they have given the disadvantages of K-mean clustering which are Very sensitive to noise, mixed pixels and outliers Limit the application to only numerical variables Anomaly type of data is not eliminated if the overlapping is found We are still studying the above mentioned disadvantages In the model proposed by this paper, decision tree classifiers are used to classify each cluster

4 We are studying all the possible Machine learning techniques proposed by above three papers In all above models, if the abnormal behavior of any application is found, the alert will be given to the user or the application will be aborted depending on the severeness of the abnormal behavior We also read one paper Enhancing Security of Linux-based Android Devices In this paper is given the well-known tools for Linux Community which can be used for security purpose of Android with slight or no modifications Other than this the paper proposed their own model to find the anomaly in the device based on events occuring in the device

5 Section four We have proposed the TISSA model for the Permission Model of Android to prtect the stealing of private information in Stage I We also promise to give the run-time control to the user We have implemented the TISSA model for following five permissions GET_TASKS GET_ACCOUNTS READ_SMS READ_PROFILE CHANGE_CONFIGURATION We have also incorporated our model in the settings tab as suggested by Nagesh sir We are working on the run-time control mechanism of our model What TISSA gives us is the running of application as normal as possible without giving it the full fledged permission which were asked at the run time We can work on the last point of the Section three Instead of aborting the application, we can give alert to the user that the behavior of a particular application is abnormal and these are the permissions asked by this application at the installation time We can ask user whether he wants to change the permission using TISSA if he thinks that is the reason for abnormal behavior But in case, the user is not sure, he can always abort the application

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat.

IJREAT International Journal of Research in Engineering & Advanced Technology, Volume 1, Issue 1, March, 2013 ISSN: 2320-8791 www.ijreat. Intrusion Detection in Cloud for Smart Phones Namitha Jacob Department of Information Technology, SRM University, Chennai, India Abstract The popularity of smart phone is increasing day to day and the