First EAI International Conference on Computer Science and Engineering

Research Article

A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices

  • @INPROCEEDINGS{10.4108/eai.27-2-2017.152252,
      author={Toqeer Ali and Megat Farez Azril Zuhairi and Jawad Ali and Shahrulniza Musa and Mohammad Nauman},
      title={A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices},
      proceedings={First EAI International Conference on Computer Science and Engineering},
      publisher={EAI},
      proceedings_a={COMPSE},
      year={2017},
      month={2},
      keywords={},
      doi={10.4108/eai.27-2-2017.152252}
    }

  • Toqeer Ali, Megat Farez Azril Zuhairi, Jawad Ali, Shahrulniza Musa, Mohammad Nauman. Year: 2017. A Complete Behavioral Measurement and Reporting: Optimized for Mobile Devices. COMPSE, EAI. DOI: 10.4108/eai.27-2-2017.152252
Toqeer Ali (1,*), Megat Farez Azril Zuhairi (1), Jawad Ali (2), Shahrulniza Musa (1), Mohammad Nauman (3)
  • 1: Malaysian Institute of Information Technology, Universiti Kuala Lumpur
  • 2: Islamic University of Madinah, Madinah, Saudi Arabia
  • 3: Max Planck Institute for Software Systems, Germany
*Contact email: toqeer@iu.edu.sa

Abstract

Security is an important factor in today's IT infrastructure due to the complex and vast variety of malware threats. One way to tackle this malware is via signature-based techniques. However, this requires human effort in the identification of threats and is not scalable. The second way is to detect malware, including so-called `0-Day' malware, via a behavior-based reference monitor. In this paper, we have optimized a behavior-based technique for a specific use-case, based on today's enterprise requirements. We have built a behavior-based light-weight reference monitor to measure and report complete system call sequences together with their arguments. The measurements are stored in a Trusted Platform Module (TPM) protected location. The reference monitor separates the sequences of system calls from their arguments, and the verification of each is performed independently of the other via machine learning techniques. The behavior monitor is designed and developed on the core Linux Security Module (LSM). The same monitor is also designed and developed for the Android-based platform via a newly built architecture called Android Security Module (ASM).