KB-IDS - Prototype Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android
Version 1.0
Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim
May 11th 2009
Academic Advisor: Dr. Yuval Elovici
Technical Advisor: Asaf Shabtai
Securing Android-based Devices T+9
Global system architecture
[Architecture diagram; components shown: Graphical User Interface, Feature Extractors, SQLite, Agent Service, Application Level Loggers, Processor Manager, Operating System, Scheduling, Configuration Manager, Alert Handler, Feature Manager, Threat Weighting Unit, Memory, Communication layer, Keyboard, Network, Hardware, Processors, Power, Linux Kernel, KBTA, …, Application Framework, NetProtect]
KBTA-Processor: Implemented
• Ontology
  • Loading
  • Storage
  • Handled Elements
    • Primitives
    • Events
    • State
    • Context
  • Computation
• KBTA-Service (Incremental Abstraction)
• Monitoring
  • Alerts definition
  • Loading from XML
  • Storage
  • Monitoring Abstractions
  • Communication with the TWU
KBTA-Processor: Remaining
• Handled Elements
  • Trend
  • Pattern
• Context destruction
• Processor setting screen
• Sending of monitored elements to NetProtect
Overview of the KBTA Algorithm
• Time-Stamped Raw Data:
  - Primitive Parameters
  - Events
• Higher Level Meaningful Temporal Information:
  - Contexts
  - Abstractions (Trends, States)
  - Temporal Patterns
• Knowledge (KBTA Security ontology)
• Four inference mechanisms:
  - Temporal Context Forming
  - Contemporaneous Abstraction
  - Temporal Interpolation
  - Temporal Pattern Matching
Demonstration Scenario #1
[Ontology diagram. Legend: Primitive, Context, State, Alert. Measured quantities: amount of non-system applications with the Camera permission; amount of pictures taken in the last 2 minutes. Elements: Perm_Camera, Camera, Many_Apps_With_Camera_Permission, Camera_Usage, Camera_Abuse]
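The four KBTA inference mechanisms listed above, run over the Scenario #1 elements, as an added Python example that is not part of the KB-IDS project code; the parameter name Pictures_2min, the thresholds and the 60 s pattern duration are assumptions made for the example.

```python
# Constructed sample stream: (timestamp in seconds, primitive parameter, value).
# Parameter names, thresholds and the 60 s pattern duration are assumptions for
# this example, not values taken from the KB-IDS project.
SAMPLES = [
    (0, "Perm_Camera", 2), (0, "Pictures_2min", 0),
    (60, "Perm_Camera", 7), (60, "Pictures_2min", 1),
    (120, "Perm_Camera", 7), (120, "Pictures_2min", 12),
    (180, "Perm_Camera", 7), (180, "Pictures_2min", 15),
    (240, "Perm_Camera", 1), (240, "Pictures_2min", 14),
]
MANY_APPS = 5      # Perm_Camera >= this opens the Many_Apps_With_Camera_Permission context
HIGH_USAGE = 10    # Pictures_2min >= this abstracts to Camera_Usage = "High"
MAX_GAP = 90       # max seconds between equal abstractions that interpolation still joins
MIN_DURATION = 60  # a "High" Camera_Usage interval this long inside the context is Camera_Abuse

def _extend(intervals, t, value, max_gap):
    """Temporal interpolation: merge the new point into the last interval when it
    carries the same value and the gap is small enough; otherwise start a new one."""
    if intervals and intervals[-1][2] == value and t - intervals[-1][1] <= max_gap:
        intervals[-1] = (intervals[-1][0], t, value)
    else:
        intervals.append((t, t, value))

def abstract(samples, many_apps=MANY_APPS, high_usage=HIGH_USAGE,
             max_gap=MAX_GAP, min_duration=MIN_DURATION):
    """Incrementally abstract a time-stamped stream into (start, end, label) intervals.
    Returns (contexts, states, alerts)."""
    contexts, states, alerts = [], [], []
    for t, param, value in sorted(samples):   # "Perm_Camera" sorts before "Pictures_2min"
        if param == "Perm_Camera" and value >= many_apps:
            # 1. Temporal context forming
            _extend(contexts, t, "Many_Apps_With_Camera_Permission", max_gap)
        elif param == "Pictures_2min":
            # 2. Contemporaneous abstraction, only while the context is active at t
            if contexts and contexts[-1][0] <= t <= contexts[-1][1]:
                level = "High" if value >= high_usage else "Low"
                _extend(states, t, level, max_gap)   # 3. Temporal interpolation
    # 4. Temporal pattern matching: sustained High usage under the context -> alert
    for start, end, level in states:
        if level == "High" and end - start >= min_duration:
            alerts.append((start, end, "Camera_Abuse"))
    return contexts, states, alerts

if __name__ == "__main__":
    for name, items in zip(("contexts", "states", "alerts"), abstract(SAMPLES)):
        print(name, items)
```

Note that the pictures taken at t=240 are no longer abstracted because the context closed at t=180, which is what keeps a single busy camera app from raising Camera_Abuse on its own.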
Demonstration Scenario #2
[Ontology diagram. Elements: Garbage_Collections, Running_Processes, Minor_Page_Faults, Context_Switches, CPU_Usage, Amount_of_Processes_High, Minor_Page_Faults_Level, Garbage_Collections_Level, Context_Switches_Level, High_CPU_Usage, System_Load_level, Abnormal System Load]