Design and Implementation of an Android Host-based Intrusion Prevention System
Mingshen Sun, Min Zheng, John C.S. Lui, and Xuxian Jiang
The 30th Annual Computer Security Applications Conference, ACSAC '14.
Availability:
- Published paper
- Conference slides
- Demonstration video: bypassing an Android HIPS product
Abstract. Android has a dominating share in the mobile market and there is a significant rise of mobile malware targeting Android devices. Android malware accounted for 97% of all mobile threats in 2013. To protect smartphones and prevent privacy leakage, companies have implemented various host-based intrusion prevention systems (HIPS) on their Android devices. In this paper, we first analyze the implementations, strengths and weaknesses of three popular HIPS architectures. We demonstrate a severe loophole and weakness of an existing popular HIPS product which hackers can readily exploit. Then we present a design and implementation of a secure and extensible HIPS platform, "Patronus." Patronus not only provides intrusion prevention without the need to modify the Android system, but can also dynamically detect existing malware based on runtime information. We propose a two-phase dynamic detection algorithm for detecting running malware. Our experiments show that Patronus can prevent intrusive behaviors efficiently and detect malware accurately with a very low performance overhead and power consumption.
BibTeX Record:
@inproceedings{sun2014design,
author = {Sun, Mingshen and Zheng, Min and Lui, John C.S. and Jiang, Xuxian},
title = {Design and Implementation of an Android Host-based Intrusion Prevention System},
booktitle = {Proceedings of the 30th Annual Computer Security Applications Conference},
series = {ACSAC '14},
year = {2014},
isbn = {978-1-4503-3005-3},
location = {New Orleans, Louisiana, USA},
pages = {226--235},
numpages = {10},
url = {http://doi.acm.org/10.1145/2664243.2664245},
doi = {10.1145/2664243.2664245},
acmid = {2664245},
publisher = {ACM},
address = {New York, NY, USA},
}