EFFICIENT INTEGRITY PROTECTION FOR ANDROID MOBILE

Academic year: 2020

Volume I, Issue IV, Aug - 2014

Dr. C. Kumar Charliepaul, Principal, A.S.L Pauls College of Engg & Tech, Coimbatore. [email protected]

G. Immanual Gnanadurai, Assistant Professor / CSE, Dhaya College of Engineering, Madurai. [email protected]

Abstract-Many studies currently address PC viruses and worms, but far less effort has been devoted to the same issues in the mobile environment. With the rapid growth in smartphone users, however, smartphones have increasingly become the target of viruses that propagate through Bluetooth and Wi-Fi and reach into mobile networks. On a mobile phone, viruses and malware can cause privacy leakage, extra charges and reduced battery power, and can enable remote listening and access to private short messages, call history logs, etc. Additionally, they can overload wireless servers by sending large numbers of spam messages, or track user positions. The proposed system uses a two-layer network model for virus spreading through both Bluetooth and SMS/MMS. Our work addresses the effect of human behaviors, i.e., operational behavior and mobile behavior, on virus propagation. In addition, we examine two strategies for restraining mobile virus propagation, i.e., pre-immunization and adaptive dissemination strategies, based on the methodology of Autonomy-Oriented Computing. We refer to this malware as cell-phone worms: malicious code that exploits vulnerabilities in cell-phone software and spreads in networks through current services such as Bluetooth and Short/Multimedia Messaging Service (SMS/MMS). The worm can automatically generate various spam messages on a user's phone, and the phone battery will be quickly drained. Many studies have reported the damage caused by mobile viruses.

Keywords-Autonomy-oriented computing, Malware, Android platform

I. INTRODUCTION

The existing system proposes and implements SEIP, a simple and efficient yet effective solution for the integrity protection of real-world cellular phone platforms, motivated by the disadvantages of applying traditional integrity models on these performance- and user-experience-constrained devices. The major security objective of SEIP is to protect trusted services and resources (e.g., those belonging to cellular service providers and device manufacturers) from third-party code. It proposes a set of simple integrity protection rules based upon open mobile operating system environments and application behaviors. Our design leverages the unique features of mobile devices, such as service convergence and limited permissions of user-installed applications, and easily identifies the borderline between trusted and untrusted domains on mobile platforms. Our approach thus significantly simplifies policy specifications while still achieving a high assurance of platform integrity. SEIP is deployed within a commercially available Linux-based smartphone and demonstrates that it can effectively prevent certain malware. The security policy of our implementation is less than 20 KB, and a performance study shows that it is lightweight.

The method can automatically detect and delete both Bluetooth and SMS viruses before they enter the smartphone operating system. Smartphone users can now perform many online tasks, including web browsing, document editing, multimedia streaming and Internet banking, and can share documents from one mobile to another through Bluetooth and SMS services. At the same time, the growing use of smartphones for everyday life and business has been attracting the attention of malware writers, whose aim is to compromise data confidentiality, integrity and the ability to use handheld services. Examples of the most well-known threats to mobile phones include the Skull and Mabir worms targeting Android phone applications.

II. RELATED WORK

unsurprisingly, the tight integration of Google’s Gmail, Calendar, and Contacts Web applications with system utilities. Android users simply supply a username and password, and their phones automatically synchronize with Google services. Other vendors are rapidly adapting their existing instant messaging, social networks, and gaming services to Android, and many enterprises are looking for ways to integrate their own internal operations into it as well.

Traditional desktop and server operating systems have struggled to securely integrate such personal and business applications and services on a single platform. Although doing so on a mobile platform such as Android remains nontrivial, many researchers hope it provides a clean slate devoid of the complications that legacy software can cause. Android doesn’t officially support applications developed for other platforms: applications execute on top of a Java middleware layer running on an embedded Linux kernel, so developers wishing to port their application to Android must use its custom user interface environment. Additionally, Android restricts application interaction to its special APIs by running each application as its own user identity. Although this controlled interaction has several beneficial security features, our experiences developing Android applications have revealed that designing secure applications isn’t always straightforward. Android uses a simple permission label assignment model to restrict access to resources and other applications, but for reasons of necessity and convenience, its designers have added several potentially confusing refinements as the system has evolved. This article attempts to unmask the complexity of Android security and note some possible development pitfalls that occur when defining an application’s security. This work concludes by attempting to draw some lessons and identify opportunities for future enhancements that should aid in clarity and correctness.

Mobile users of computation and communication services have been rapidly adopting battery-powered mobile hand-helds, such as PocketPCs and smartphones, for their work. However, the limited battery lifetime of these devices restricts their portability and applicability, and this weakness can be exacerbated by mobile malware targeting depletion of battery energy. Such malware is usually difficult to detect and prevent, and frequent outbreaks of new malware variants also reduce the effectiveness of commonly seen signature-based detection. To alleviate these problems, a power-aware malware-detection framework is proposed that monitors, detects, and analyses previously unknown energy-depletion threats.

The framework is composed of (1) a power monitor, which collects power samples and builds a power consumption history from the collected samples, and (2) a data analyzer, which generates a power signature from the constructed history. To generate a power signature, simple and effective noise filtering and data compression are applied, thus reducing the detection overhead. Similarities between power signatures are measured by the χ²-distance, reducing both false-positive and false-negative detection rates. According to our experimental results on an HP iPAQ running a Windows Mobile OS, the proposed framework achieves significant (up to 95%) storage savings without losing detection accuracy, and a 99% true-positive rate in classifying mobile malware.
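The monitor/analyzer pipeline described above can be sketched as follows. This is an added example, not code from the cited framework or from this paper: the moving-average filter, the 8-bin histogram used as the compressed signature, the sum of (a-b)^2/(a+b) form of the χ²-distance, the 0.5 threshold and all power traces are assumptions chosen for illustration.

```python
def moving_average(samples, window=3):
    """Noise filter (assumed here): sliding mean over the power history."""
    return [sum(samples[i:i + window]) / window
            for i in range(len(samples) - window + 1)]


def power_signature(samples, bins=8, lo=0.0, hi=4.0, window=3):
    """Compress a power history (watts) into a normalized histogram.

    The raw history is replaced by `bins` numbers, which is the data
    compression step; the bin layout is an assumption of this example.
    """
    smoothed = moving_average(samples, window)
    width = (hi - lo) / bins
    hist = [0] * bins
    for s in smoothed:
        idx = int((s - lo) / width)
        hist[min(bins - 1, max(0, idx))] += 1  # clamp out-of-range samples
    return [h / len(smoothed) for h in hist]


def chi2_distance(p, q):
    """Chi-square distance between two normalized histograms.

    0.0 means identical signatures, 2.0 means no overlapping bins.
    """
    return sum((a - b) ** 2 / (a + b) for a, b in zip(p, q) if a + b > 0)


def classify(samples, known_signatures, threshold=0.5):
    """Return (label, distance) for the nearest known signature, or
    (None, distance) when nothing lies within the assumed threshold."""
    sig = power_signature(samples)
    label, dist = min(
        ((name, chi2_distance(sig, ref))
         for name, ref in known_signatures.items()),
        key=lambda item: item[1],
    )
    return (label if dist <= threshold else None, dist)


# Constructed power traces in watts (not measurements from the paper).
DRAIN_SAMPLE = [3.2, 3.3, 3.2, 3.3, 2.7, 2.7, 2.8, 3.2, 3.3, 3.2]
DRAIN_VARIANT = [2.7, 2.8, 3.3, 3.2, 3.3, 3.2, 2.7, 2.7, 2.7, 2.7]
IDLE_TRACE = [0.6, 0.7, 0.6, 0.7, 0.6, 0.8, 0.7, 0.6, 0.7, 0.6]

# Signature database built from one known energy-depletion sample.
KNOWN = {"energy_drain_sample": power_signature(DRAIN_SAMPLE)}

if __name__ == "__main__":
    for name, trace in [("variant", DRAIN_VARIANT), ("idle", IDLE_TRACE)]:
        label, dist = classify(trace, KNOWN)
        print(f"{name}: match={label} chi2={dist:.3f}")
```

The variant trace draws the same power levels in a different order, so its histogram stays close to the stored signature even though the raw sample sequences differ.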

Smartphones have recently become increasingly popular because they provide "all-in-one" convenience by integrating traditional mobile phones with handheld computing devices. However, the flexibility of running third-party software also leaves smartphones open to malicious viruses. In fact, hundreds of smartphone viruses have emerged in the past two years, which can quickly spread through various means such as SMS/MMS, Bluetooth and traditional IP-based applications. The implementations of two proof-of-concept viruses on Windows Mobile have confirmed the vulnerability of this popular smartphone platform.

Smart Siren has been presented as a virus detection and alert system for smartphones. In order to detect viruses, Smart Siren collects communication activity information from the smartphones and performs joint analysis to detect both single-device and system-wide abnormal behaviors. A proxy-based architecture is used to offload the processing burden from resource-constrained smartphones and simplify the collaboration among smartphones. When a potential virus is detected, the proxy quarantines the outbreak by sending targeted alerts to those immediately threatened smartphones. The feasibility of Smart Siren has been demonstrated through implementations on a Dopod 577w smartphone, and its effectiveness has been evaluated using simulations driven by 3-week SMS traces from a national cellular carrier. The results show that Smart Siren can effectively prevent wide-area virus outbreaks with affordable overhead.

Existing mandatory access control systems for operating systems are difficult to use. This work identifies several principles for designing usable access control systems and introduces the Usable Mandatory Integrity Protection (UMIP) model, which adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usability goals for UMIP are twofold. First, configuring a UMIP system should not be more difficult than installing and configuring an operating system. Second, existing applications and common usage practices can still be used under UMIP. UMIP has several novel features to achieve these goals. For example, it introduces several concepts for expressing partial trust in programs. Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection. The UMIP model is implemented for Linux using the Linux Security Modules framework, and is shown to be simple to configure, to have low overhead, and to defend effectively against a number of network-based attacks.

The rapid development of mobile phone networks has increased the need for better protection against malware. Malware detection is a core component of a security system protecting mobile networks. This paper describes a system for detecting malware within the network traffic using malware signatures. The system contains two key components. The first one automatically extracts a set of signatures from existing malware samples. In particular, it reduces the number of signatures by using a common signature for a malware and its variants. It also minimizes the total false alarm rate of malware detection by extracting signatures that are most uncommon within mobile network traffic. The second one is an efficient method that scans the network traffic using a hash table and sub-signature matching. Our evaluation on Symbian viruses shows that our system detects existing malware and their new variants within the network traffic efficiently.

Policy-Reduced Integrity Measurement Architecture (PRIMA) is proposed based on information flow integrity. The recent availability of secure hardware has made it practical for a system to measure its own integrity, such that it can generate an integrity proof for remote parties. Various approaches have been proposed, but most simply measure the loaded code and static data to approximate runtime system integrity. These approaches suffer from two problems: (1) the load-time measurements of code alone do not accurately reflect runtime behaviors, such as the use of untrusted network data, and (2) they are inefficient, requiring all measured entities to be known and fully trusted even if they have no impact on the target application. Classical integrity models are based on information flow, so we design the PRIMA approach to enable measurement of information flow integrity and prove that it achieves these goals. We also prove how a remote party can verify useful information flow integrity properties using PRIMA. A PRIMA prototype has been built based on the open-source Linux Integrity Measurement Architecture (IMA), using SELinux policies to provide the information flow.

III. THE ANDROID PLATFORM

A smartphone keeps a variety of private information, such as location information, the contents of the user’s address book, and the unique device identifier. With the intention of decoupling the features of the device (i.e., banking through mobile, network access, the camera, sensitive information), and thus preserving protection, Android provides a framework which requires applications to have precise authorization for accessing confidential resources.

Nevertheless, the Android authorization framework does not fully protect the user’s sensitive information: applications or advertisers with certain authorization combinations can transmit the user’s sensitive information to remote servers using the network. While this information is generally used for targeted marketing, it can also be exposed and used by malicious parties without the actual user’s awareness. Various methods employing information-flow tracking and privilege partitioning have been used to address this problem.

Fig. 1. Android Mobile Platform

adequate accuracy for identifying sensitive information diffusions.

IV. PROPOSED APPROACH

1. SMS-Based Propagation Process

Social relationships are embodied in mobile networks based on the address books of smartphones. If a phone is infected by an SMS-based virus, the virus automatically sends copies of itself to other phones based on the address book of the infected phone. When users receive a suspicious message from others, they may open or delete it based on their own security awareness and knowledge about the risks of mobile viruses. Therefore, the security awareness of mobile users is one of the main factors that determine SMS-based virus propagation. Our model simulates one type of operational behavior, i.e., whether or not a user opens a suspicious message. The probability of clicking on a suspicious attachment can be used to reflect and quantify the security awareness of a user. Analogous behavior has been used to simulate email virus propagation. If a user opens an infected message, the phone of this user is infected and automatically sends viruses to all phones based on its address book.

1. If a user does not open an infected message, it is assumed that the user with higher security awareness deletes this infected message;
2. An infected phone sends out viruses to other phones only once, after which the infected phone will not send out viruses anymore.
3. If a phone is patched, it will not send out viruses even if a user opens an infected message.

2. BT-Based Propagation Process

Unlike SMS-based viruses, if a phone is infected by a BT-based virus, it automatically searches for another phone through available Bluetooth services within a particular range and then replicates the BT-based virus to that phone. Therefore, users' contact frequency and mobility patterns play key roles in BT-based virus propagation. This model integrates stochastic local infection dynamics among phones with the mobile behavior of each user in a geographical network, taking into account prior research on human mobility. A BT-based virus can only infect its geographically local neighbors with the same OS within a certain range. These geographically local neighbors are homogeneous for a BT-based virus, since an infected phone randomly selects a vulnerable phone as its target at a time.

3. Malware Detection Techniques

The task of detecting malware can be divided into analysis, classification, detection and eventual containment of malware. Several classification techniques have been used to classify malware according to their instances, and this has made it possible to recognize the type and activities of a malware and of a new variant. Analysis of malware has to do with identifying the instances of malware by different classification schemes using the attributes of known malware characteristics. Malware detection has to do with the quick detection and validation of any instance of malware in order to prevent further damage to the system. The last part of the job is containment of the malware, which involves effort at stopping escalation and preventing further damage to the system.

V. PROJECT DESCRIPTION

1. The Natural System Identification

It can be viewed as the precursor to actual systems modeling and concerns the selection of an appropriate analogy from the natural and physical world. There are two tasks involved: identify desired system behaviors and identify system parameters. Choosing the right analogy is the key to the success of the AOC-based system, and the right system usually presents itself through its behaviors. Once an appropriate analogy is chosen, details such as the number of entities to run and the length of time to run the simulation need to be decided.

2. The Artificial System Construction

It involves all elements in the AOC-based system. This phase is divided into two major sub-phases: autonomous entity modeling and environment modeling. The identify contributing entities task is the first and the most important task in this phase. Designers are required to choose the level of detail to be modeled that is appropriate to the problem at hand. The define neighborhood task defines a certain measurement (e.g., distance) in the solution space within which local interactions can occur and local information can be collected. The define entity representation task handles how to characterize an entity, including its states and goals etc. The last task concerning the entities, define local behaviors and behavioral rules, defines the ways in which an autonomous entity reacts to various information it has collected within its neighborhood and the ways in which it adapts its local behaviors and behavioral rules. The tasks that concern the environment are identifying environment characteristics and define environment representation. The former task concerns the role the environment plays in conveying the knowledge shared between the autonomous entities. The latter task addresses the characterization of the environment.

3. The Performance Measurement

speed and scope. In this section, we describe two strategies to restrain SMS-based virus propagation.

4. Feature Selection In Machine Learning Applications

A large number of extracted features, some of which are redundant or irrelevant, presents several problems, such as misleading the learning algorithm, over-fitting, reducing generality, and increasing model complexity and run-time. These adverse effects are even more crucial when applying Machine Learning methods on mobile devices, since they are often restricted by processing and storage capabilities as well as battery power. Applying fine feature selection in a preparatory stage enabled us to use our malware detector more efficiently, with a faster detection cycle.

5. Machine Learning for Behavioral Analysis

The evaluation of Machine Learning classifiers is typically split into two subsequent phases: training and testing. In the first phase, a training set of game and tool feature vectors is provided to the system. These feature vectors are collected during the activation of both game and tool applications. The representative feature vectors in the training set and the real class of each vector (as game/tool) are assumed to be known and make it possible to calibrate the detection algorithms (such as Decision Trees or a Bayesian Network).

By processing these vectors, the algorithm generates a trained classifier. During the testing phase, a different collection (the testing set) containing feature vectors of both game and tool applications is classified by the trained classifier. In the testing phase, the performance of the classifier is evaluated by extracting standard accuracy measures for classifiers. Thus it is necessary to know the real class of the feature vectors in the test set in order to compare their real class with the class that was derived by the trained classifier.

Fig. 2. Architecture Diagram

6. Strategy Output

The software has been built based on these techniques, and different apps are processed by it when they are installed. The mentioned model is implemented in the application. Applications installed by users on Android devices are processed and scanned, and feedback is taken from the user.

Detection Technology

Some countermeasures, such as variance detection technologies, have been proposed to protect users’ private information from being revealed to different users. Some work has discriminated malicious behaviors from normal operations by training a classifier based on the method of support vector machines. Other work has provided an approach to detecting both single-device and system-wide abnormal behaviors by collecting and sending communication data to remote servers in order to reduce the detection burden on phones. Although these abnormality detection technologies can help directly protect phones from being affected by certain viruses, it is not easy to detect new viruses, because the monitoring technologies must first be trained to recognize normal and abnormal operational behaviors. If a new virus produces patterns that these monitoring technologies have not been trained on, they cannot detect it. Hence it is challenging to detect a worm outbreak at an early stage unless both users and security companies frequently update their detection classifiers. Unlike in wired networks (e.g., computer networks), it is almost impossible to send patches to all phones simultaneously and in time.

Thus new strategies are needed to efficiently disseminate security notifications or patches to as many phones as possible, with a relatively low communication cost, before a new virus spreads to a large population. In order to reduce communication redundancy, strategies that send patches over Bluetooth have been utilized, after which security signatures are sent to all communities based on local detection. However, this method cannot ensure that users acquire patches in time. In this paper, we examine the performance of an AOC-based pre-immunization strategy that selects some highly connected phones and prevents a virus from turning into an epidemic. Furthermore, an AOC-based dissemination strategy is designed that distributes security notifications or patches to smartphones with low communication redundancy, in order to restrain virus propagation before it causes further infections.
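The SMS-based propagation rules of Section IV.1 and the pre-immunization idea in the paragraph above can be tried out together in a small simulation. This is an added example, not the authors' model or code: the preferential-attachment address-book graph, the per-user opening probabilities, the parameter values and all function names are assumptions, and plain degree ranking stands in for the AOC-based selection of highly connected phones.

```python
import random
from collections import deque


def build_address_books(n, m, rng):
    """Constructed sample data: a preferential-attachment contact graph,
    so a few phones appear in many address books (assumed topology)."""
    books = {i: set() for i in range(n)}
    endpoints = []  # phone ids, one entry per contact: degree-weighted picks
    for i in range(1, n):
        peers = set(range(i)) if i <= m else set()
        while len(peers) < min(m, i):
            peers.add(rng.choice(endpoints))
        for j in sorted(peers):
            books[i].add(j)
            books[j].add(i)
            endpoints += [i, j]
    return books


def simulate(books, open_prob, patient_zero, patched, rng):
    """Return the set of infected phones for one SMS outbreak."""
    infected = {patient_zero}
    pending = deque([patient_zero])
    while pending:
        sender = pending.popleft()  # rule 2: an infected phone sends once
        for receiver in sorted(books[sender]):
            if receiver in infected or receiver in patched:
                continue  # rule 3: a patched phone never becomes a sender
            if rng.random() < open_prob[receiver]:
                infected.add(receiver)  # the user opened the message
                pending.append(receiver)
            # rule 1: otherwise the user deletes the message
    return infected


def pre_immunize(books, k):
    """Patch the k phones listed in the most address books (degree
    ranking, standing in for the AOC-based selection)."""
    ranked = sorted(books, key=lambda p: (-len(books[p]), p))
    return set(ranked[:k])


def mean_outbreak(books, open_prob, patched, trials, rng):
    """Average outbreak size over random unpatched starting phones."""
    starts = [p for p in sorted(books) if p not in patched]
    sizes = [len(simulate(books, open_prob, rng.choice(starts), patched, rng))
             for _ in range(trials)]
    return sum(sizes) / trials


def compare_strategies(n=400, m=2, k=40, trials=200, seed=7):
    rng = random.Random(seed)
    books = build_address_books(n, m, rng)
    # Security awareness: per-user probability of opening a suspicious SMS.
    open_prob = {p: rng.uniform(0.2, 0.8) for p in books}
    return {
        "no_patching": mean_outbreak(books, open_prob, set(), trials, rng),
        "random_patching": mean_outbreak(
            books, open_prob, set(rng.sample(sorted(books), k)), trials, rng),
        "hub_patching": mean_outbreak(
            books, open_prob, pre_immunize(books, k), trials, rng),
    }


if __name__ == "__main__":
    for name, size in compare_strategies().items():
        print(f"{name:16s} mean infected phones: {size:.1f}")
```

Patching the same number of phones chosen at random serves as the baseline, so the output separates the effect of targeting highly connected phones from the effect of simply patching 10% of the population.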

VI. CONCLUSION

viable with the large scale testing requirement to find real world performance. As Android malware evolves, the effectiveness of these types of measures will decrease. Understanding the interactions between human behaviors and the propagation dynamics of mobile viruses would be helpful for sending security notifications to multiple users in order to improve their security awareness, which can in turn play a key role in restraining virus propagation.

FUTURE WORK

The system can be enhanced so that, when data containing a virus enters the smartphone through Bluetooth and SMS channels, it automatically separates the virus from the data and deletes the virus but not the data.

Authors Biography:

Kumar Charlie Paul is Principal of A.S.L Pauls College of Engineering & Technology. He has taken part in many national and international conferences and has published many papers in journals. He has also guided many students in their Ph.D. project works. He has more than 23 years of experience in the teaching field.
