First EAI International Conference on Computer Science and Engineering

Research Article

A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices

Download594 downloads
  • @INPROCEEDINGS{10.4108/eai.27-2-2017.152252,
        author={Toqeer Ali and Megat Farez Azril Zuhairi and Jawad Ali and Shahrulniza Musa and Mohammad Nauman},
        title={A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices},
        proceedings={First EAI International Conference on Computer Science and Engineering},
        publisher={EAI},
        proceedings_a={COMPSE},
        year={2017},
        month={2},
        keywords={},
        doi={10.4108/eai.27-2-2017.152252}
    }
    
  • Toqeer Ali
    Megat Farez Azril Zuhairi
    Jawad Ali
    Shahrulniza Musa
    Mohammad Nauman
    Year: 2017
    A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices
    COMPSE
    EAI
    DOI: 10.4108/eai.27-2-2017.152252
Toqeer Ali1,*, Megat Farez Azril Zuhairi1, Jawad Ali2, Shahrulniza Musa1, Mohammad Nauman3
  • 1: Malaysian Institute of Information Technology, Universiti Kuala Lumpur
  • 2: Islamic University of Madinah, Madinah, Saudi Arabia
  • 3: Max Planck Institute for Software Systems, Germany,
*Contact email: toqeer@iu.edu.sa

Abstract

Security is an important factor in today's IT infrastructure due to complex and vast variety of malware threats. One way to tackle these malware is via signaturebased techniques. However, this requires human effort in identi cation of threats and is not scalable. The second way is to detect malware via behavior-based reference monitor so called `O-Day' malware. In this paper, we have optimized behavior-based tech-nique for a speci c use-case, based on today's enterprise requirement. We have built behavior-based light-weight reference monitor to measure and report a complete system call sequences as well as its arguments. The measurements are stored into Trusted Platform Module (TPM) pro-tected location. The reference monitor splits the sequences of system calls and its arguments. Arguments and their veri cation is performed inde-pendent of each other via machine learning techniques. The behavior monitor is designed and developed on the core Linux Security Module (LSM). The same monitor is also designed and developed for Android-based platform via a newly built architecture called Android Security Module (ASM).