
Efficient Intrusion Detection and Prevention System to Protect Private Data Stored in Mobile Devices.


Abstract

Mobile computing represents a revolutionary paradigm shift in the 21st century. Mobile security and in particular mobile phone security has become increasingly important in mobile computing. Modern portable computing systems are frequently carried in insecure locations, putting the sensitive information within at risk. In this thesis, we propose an efficient behavior-based intrusion detection and prevention system, where a normal user behavioral model is constructed. The mobile devices are secured by a set of protective actions that are taken when an attack is detected, i.e. when any deviation from the identified behavioral model is observed.

The user model is built from three different data sources: file system activities, network access, and spatio-temporal information. The proposed system tracks and analyzes user-specific access patterns utilizing K-means clustering of file system and network activities. The spatio-temporal information is used for user-motion pattern modeling by implementing the implicit Markov Chains algorithm. These models are used to detect an attack, which may produce anomalous patterns.

In this thesis, we provide a detailed description of the proposed low-power, multi-metric, client-server architecture leveraging a cloud computing concept, including client feature extraction techniques, client-server automated model generation, and intruder detection techniques. The proposed prevention techniques also provide the user with subsequent opportunities to authenticate by alternative means, such as user-PIN, biometrics, phone number, etc., whenever the security model flags the user's authenticity as uncertain. Repeated failures to re-authenticate via escalated authentication mechanisms will result in system lock-up as a means of preventing the user's access.

The extensive experimental results documented in this work demonstrate that the proposed system provides the ability to distinguish between normal use and intrusion within 5 minutes with 89% detection accuracy rate for the joint file system activity and network access patterns, and within 15 minutes with 94% accuracy for the motion patterns.

An important aspect that is also considered is the energy-efficiency of the security solution. Specifically, we show how feature extraction and compression permit adequate energy efficiency for use in a wireless distributed system, typically composed of battery-powered clients. To further improve the system efficiency, a matrix-reduction algorithm is being applied; a notable contribution is the ability to significantly reduce the matrix-size while maintaining high adversarial context detection accuracy.

The security solution devised in this thesis is particularly beneficial for institutions that manage highly sensitive data, such as the Department of Defense, FBI, CIA, financial services institutions, medical institutions, universities and insurance companies, to name a few.

Bibliographic record

  • Author: Yazji, Sausan
  • Author affiliation: Northwestern University
  • Degree-granting institution: Northwestern University
  • Discipline: Engineering Computer; Engineering Electronics and Electrical
  • Degree: Ph.D.
  • Year: 2012
  • Pages: 195 p.
  • Total pages: 195
  • Original format: PDF
  • Language of text: eng