Attack Detection Application with Attack Tree for Mobile System using Log Analysis
Recently, the use of smart phones has greatly increased because of the development of cheap high-performance hardware. The biggest threat to a smart phone user is the loss of his/her personal information to an attacker. To protect a user’s information from these threats, an attack detection application for the Android OS is proposed and developed. Its detection system comprises two phases: the mobile detection system pre-phase and post-phase. The pre-phase includes the steps performed before an attack occurs, in preparation for the comparison and analysis step of the post-phase, and the post-phase includes the steps performed to detect malware using an attack tree with level assignments from the post-phase. Three classes, interception, modification, and system damage, are defined to classify attacks and so determine the attacker’s purpose. When an attack occurs, the application can recognize which route the mobile attack takes by comparing and analyzing the attack tree from the pre-phase against the current attack data in the post-phase. Attack trees are used to easily extract attack scenarios and determine when an attack is occurring. We expect that using the proposed application will protect a user’s personal information on a mobile system.
Keywords: Attack tree, Log analysis, Attack detection, Android, Smishing, Backdoor
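An added sketch, not code from the paper, of the comparison the abstract describes: trees stored in the pre-phase are evaluated against current log data to report the attack class and the route taken. The tree contents, level numbering, event names and log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
@dataclass
class Node:
    name: str
    gate: str = "LEAF"      # "AND", "OR" or "LEAF"
    pattern: str = ""       # regex a LEAF searches for in the log (assumed format)
    level: int = 1          # assumed level assignment: root = 1, deeper = earlier step
    children: list = field(default_factory=list)

def evaluate(node, lines, route):
    """True if the log satisfies this node; matched leaves are appended to route."""
    if node.gate == "LEAF":
        hit = any(re.search(node.pattern, line) for line in lines)
        route += [(node.level, node.name)] if hit else []
        return hit
    results = [evaluate(c, lines, route) for c in node.children]  # no short-circuit
    return all(results) if node.gate == "AND" else any(results)

def detect(trees, lines):
    """Compare current log data with each stored tree: class -> (goal reached, route)."""
    report = {}
    for attack_class, root in trees.items():
        route = []
        reached = evaluate(root, lines, route)
        if route:  # report partial routes too, ordered from deepest leaf to root
            report[attack_class] = (reached, [n for _, n in sorted(route, key=lambda r: -r[0])])
    return report

# Constructed trees, one per attack class named in the abstract.
TREES = {
    "interception": Node("SMS contents leave the device", "AND", children=[
        Node("app installed", "OR", level=2, children=[
            Node("install from SMS link", pattern=r"INSTALL src=sms_link", level=3),
            Node("install over USB", pattern=r"INSTALL src=usb", level=3)]),
        Node("app reads SMS inbox", pattern=r"SMS_READ", level=2),
        Node("outbound upload", pattern=r"NET_OUT .*bytes=\d+", level=2)]),
    "modification": Node("contacts altered", "OR", children=[Node("contacts written", pattern=r"CONTACTS_WRITE", level=2)]),
    "system damage": Node("user data wiped", "AND", children=[
        Node("device admin granted", pattern=r"ADMIN_GRANT", level=2),
        Node("wipe requested", pattern=r"WIPE_REQ", level=2)]),
}
# Constructed log lines (not a real Android log format).
LOG = [
    "10:01:40 INSTALL src=sms_link pkg=com.example.parcel",
    "10:02:05 SMS_READ pkg=com.example.parcel",
    "10:02:06 NET_OUT pkg=com.example.parcel bytes=4096",
    "10:05:00 ADMIN_GRANT pkg=com.example.parcel",
]
```

Calling detect(TREES, LOG) reports a completed interception route and a partial system damage route whose goal has not been reached, which is the point at which a detector can alert before the final step.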
This work was supported by the Defense Acquisition Program Administration and Agency for Defense Development under the contract UD160066BD.