Intrusion Detection Systems For Smartphone Security Enhancements


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Abstract:

Mobile devices have become a necessary part of daily life. Many communication companies and business organizations have shifted to managing their tasks and resources using Smartphone capabilities. Although the Smartphone has many capabilities that serve its users in different areas, it is still not efficient, effective, and secure enough to perform confidential transactions. Because of the explosive increase in network security violations and threats, major study and analysis should be performed to secure the confidentiality and privacy of data transmission against intrusions and attacks. Protecting data transmission under critical conditions requires a secure and robust detection system that ensures data is transferred without being exposed to or intruded on by a third party. Intrusion into Smartphone communication and transactions in particular significantly affects the reliability and security of data transfer. Security in Smartphones has not received much attention. The proposed system therefore aims to ensure the security of Smartphone users and to enhance current intrusion detection and prevention systems for more secure and reliable data transmission as well as efficient group communications and transactions.

Introduction

A Smartphone is a new-technology mobile phone that works with a mobile operating system and has more advanced operating capability and connectivity than a feature phone.[1] Smartphones entered the market by combining the functions of a personal digital assistant (PDA) with those of a mobile phone. Today's Smartphones add media file support and the functionality of low-end compact digital cameras, pocket video cameras, and GPS navigation units to form one multi-purpose device. Many modern Smartphones also include high-resolution touch-screens and web browsers that display standard web pages as well as mobile-optimized sites. High-speed data access is provided by Wi-Fi and mobile broadband. In recent years, the rapid development and innovation of mobile app markets and of mobile commerce have been drivers of Smartphone adoption.[2]

Types

The mobile operating systems (OS) used by modern Smartphones include Google's Android, Apple's iOS, Nokia's Symbian, RIM's BlackBerry OS, Samsung's Bada, Microsoft's Windows Phone, Hewlett-Packard's webOS, and embedded Linux distributions such as Maemo and MeeGo. Such operating systems can be installed on many different phone models, and typically each device can receive multiple OS software updates over its lifetime. A few other upcoming operating systems are Mozilla's Firefox OS and Canonical Ltd.'s Ubuntu Phone.

Network Protocols

Smartphones also rely on cell-phone network technology for sending and receiving data (such as phone calls, web browsing, file transfers, etc.). Developers classify this technology into generations. The first generation was analog cell phone technology. Digital cell phones later required more advanced protocols, which constitute the second generation. In the long gap between the second and third generations, network engineers created protocols that are more advanced than second-generation digital technology but not innovative enough to count as a truly new generation. Developers refer to these protocols as generation 2.5. This generation includes several early Smartphone protocols, some of which are still in use.

General Packet Radio Services (GPRS) is a wireless, packet-based communication service and, until recently, was the 2.5G protocol used in most Smartphones. Unlike a circuit-switched voice connection, this is a packet-switched, "always on" connection that remains active as long as the phone is within range of the service. It allows Smartphones to do things like run applications remotely over a network, interface with the Internet, participate in messenger sessions, act as a wireless modem for a computer, and transmit and receive e-mails. GPRS can send and receive data at a rate of 114 kilobytes per second. Some Smartphones in the United States still use this protocol, though newer, faster protocols are available.

One protocol used in the U.S. market that is faster than GPRS is Enhanced Data GSM Environment (EDGE). EDGE can transmit data at more than three times the rate of GPRS (384 Kbps). Many Smartphones in the United States and in developing countries now use the EDGE protocol [7]. Still, these protocols are only generation 2.5. Generation three (3G) is the latest in network communication technology. Protocols in 3G transmit data in terms of megabytes per second rather than kilobytes (some as fast as 10 Mbps). While some U.S. carriers support 3G protocols, many still rely on 2.5G technology. Europe and Asia have much stronger 3G integration in their respective cell phone networks. Some 3G protocols are:

Universal Mobile Telecommunication Service (UMTS)

Wideband Code-Division Multiple Access (WCDMA)

High-Speed Downlink Packet Access (HSDPA)

Evolution Data Maximized (EVDO)


Figure 1.1 Performance for mobile core

Problems Encountered

As Smartphone usage increases, these devices become more attractive to attackers, who try to strike them with malicious software (malware). Smartphone security literature suggests that Smartphone malware can be written even by average developers.[3] Smartphones do not have full-fledged security and lack security mechanisms such as an app kill switch (aka remote app removal), a review process for their content, etc. Often malware is hidden in pirated versions of legitimate apps, which are then distributed through third-party app stores. Malware risk also comes from what is known as an "update attack," where a legitimate application is later changed to include a malware component, which users then install when they are notified that the app has been updated. Additionally, the ability to acquire software directly from links on the web results in a distribution vector called "malvertizing," where users are directed to click on links, such as ads that look legitimate, which then open in the device's web browser and cause malware to be downloaded and installed automatically.[4]

Solution

For communication and data transmission in a fully secured manner, introducing an intrusion detection system (IDS) can be helpful. Such a system should be provided to observe any malicious events on the phone. Intrusion detection has a powerful impact in providing a necessary layer of in-depth protection in networks, whether ad hoc networks or wireless sensor networks. An IDS can detect unusual events and inform the network administrator of the events that occurred. In other words, an intrusion detection system has been generally defined as a piece of installed software or hardware that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies. Many IDS tools will also store a detected event in a log to be reviewed at a later date or will combine events with other data to make decisions regarding policies or damage control [5].

Related works

In the current scenario, the number of hacking and intrusion technologies is increasing rapidly. Unfortunately, the security risks associated with Smartphone devices have not been considered a serious issue by many wireless and mobile vendors such as AT&T. Ignoring users' privacy may cause fatal problems for clients' credit cards, usernames, passwords, etc. This potential damage needs careful consideration, and vendors should acknowledge users' concerns and deal with them in a straightforward manner, because classified information should not be exposed to any hacking attempt or intrusion incident. Intrusion detection should operate at all levels of security to ensure user privacy and confidentiality. Therefore, manufacturing companies should provide a system that acts solely on the recent information and past history of the mobile phone owner's activities and classifies Smartphone users into classes according to their usage logs. Such logs contain the relevant characteristics of every call made by the user. As soon as the system identifies a fraud or unusual event, it automatically and immediately notifies both the telecom carrier and the victim.

Existing System:

The existing Smartphone security system involves an IDS (intrusion detection system). Intrusion detection is the act of detecting unwanted traffic on a network or a device.

IDS

An IDS can be a piece of installed software or a physical appliance that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies. Many IDS tools will also store a detected event in a log to be reviewed at a later date or will combine events with other data to make decisions regarding policies or damage control. An IPS is a type of IDS that can prevent or stop unwanted traffic. The IPS usually logs such events and related information.[11]

Network-Based

A Network Intrusion Detection System (NIDS) is one common type of IDS that analyzes network traffic at all layers of the Open Systems Interconnection (OSI) model and makes decisions about the purpose of the traffic, analyzing for suspicious activity. Most NIDSs are easy to deploy on a network and can often view traffic from many systems at once. A term becoming more widely used by vendors is "Wireless Intrusion Prevention System" (WIPS) to describe a network device that monitors and analyzes the wireless radio spectrum in a network for intrusions and performs countermeasures.

Wireless

A wireless local area network (WLAN) IDS is similar to NIDS in that it can analyze network traffic. However, it will also analyze wireless-specific traffic, including scanning for external users trying to connect to access points (AP), rogue APs, users outside the physical area of the company, and WLAN IDSs built into APs. As networks increasingly support wireless technologies at various points of a topology, WLAN IDS will play larger roles in security. Many previous NIDS tools will include enhancements to support wireless traffic analysis.

Network Behavior Anomaly Detection

Network behavior anomaly detection (NBAD) views traffic on network segments to determine if anomalies exist in the amount or type of traffic. Segments that usually see very little traffic, or segments that see only a particular type of traffic, may show a change in the amount or type of traffic if an unwanted event occurs. NBAD requires several sensors to create a good snapshot of a network and requires benchmarking and baselining to determine the nominal amount of a segment's traffic.
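The baselining step described above can be sketched as follows. This is an added example, not part of the original essay; the segment name, protocol labels, byte counts and the 3-sigma threshold are constructed assumptions.

```python
import statistics

# Constructed baselining data: bytes per minute, keyed by protocol, as one
# sensor might record them on a quiet segment. All values are illustrative.
BASELINE = {
    "printer-vlan": [
        {"ipp": 1200}, {"ipp": 900}, {"ipp": 1100}, {"ipp": 1000},
        {"ipp": 1300}, {"ipp": 950}, {"ipp": 1050}, {"ipp": 1150},
    ],
}


def build_profile(intervals):
    """Summarise a baselining period: nominal volume and the traffic types seen."""
    totals = [sum(interval.values()) for interval in intervals]
    return {
        "mean": statistics.mean(totals),
        "stdev": statistics.stdev(totals),
        "protocols": set().union(*intervals),  # union of the dict keys
    }


def check_interval(profile, interval, threshold=3.0):
    """Return findings for one observed interval (empty list means nominal)."""
    findings = []
    total = sum(interval.values())
    spread = profile["stdev"] or 1.0  # avoid dividing by zero on flat baselines
    sigma = abs(total - profile["mean"]) / spread
    if sigma > threshold:
        findings.append(f"amount: {total} bytes is {sigma:.1f} sigma from baseline")
    for proto in sorted(set(interval) - profile["protocols"]):
        findings.append(f"type: protocol {proto!r} not seen during baselining")
    return findings


if __name__ == "__main__":
    profile = build_profile(BASELINE["printer-vlan"])
    for observed in ({"ipp": 1250}, {"ipp": 1000, "ssh": 50},
                     {"ipp": 1000, "ssh": 90000}):
        print(observed, "->", check_interval(profile, observed) or "nominal")
```

The second sample interval stays within the normal volume and is flagged only because of its traffic type, which is why NBAD tracks both the amount and the type of traffic.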

Host-Based

Host-based intrusion detection systems (HIDS) analyze network traffic and system-specific settings such as software calls, local security policy, local log audits, and more. A HIDS must be installed on each machine and requires configuration specific to that operating system and software.

Detection Types

Signature-Based Detection

An IDS can use signature-based detection, relying on known traffic data to analyze potentially unwanted traffic. This type of detection is very fast and easy to configure. However, an attacker can slightly modify an attack to render it undetectable by a signature-based IDS. Still, signature-based detection, although limited in its detection capability, can be very accurate.

Anomaly-Based Detection

An IDS that looks at network traffic and detects data that is incorrect, not valid, or generally abnormal is said to use anomaly-based detection. This method is useful for detecting unwanted traffic that is not specifically known. For instance, an anomaly-based IDS will detect that an Internet protocol (IP) packet is malformed. It does not detect that it is malformed in a specific way, but indicates that it is anomalous.
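The two detection types described above (signature-based and anomaly-based) can be compared on the same IPv4 packets. This is an added example, not part of the original essay; the signature pattern, addresses and payloads are constructed, and the anomaly check covers only a few IPv4 header rules.

```python
import struct

# Constructed signature set standing in for "known traffic data".
SIGNATURES = {"demo-marker": b"KNOWN-BAD-MARKER"}
HEADER_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(payload: bytes) -> bytes:
    """Build a well-formed sample packet (protocol 17, documentation addresses)."""
    fields = [0x45, 0, 20 + len(payload), 1, 0, 64, 17, 0,
              bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])]
    fields[7] = checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + payload


def signature_hits(packet: bytes) -> list:
    """Signature-based: exact known byte patterns searched in the packet."""
    return [name for name, pattern in SIGNATURES.items() if pattern in packet]


def header_anomalies(packet: bytes) -> list:
    """Anomaly-based: report header rule violations, whatever the payload is."""
    if len(packet) < 20:
        return ["shorter than the minimum IPv4 header"]
    ver_ihl, _, total_len = struct.unpack("!BBH", packet[:4])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    problems = []
    if version != 4:
        problems.append("version field is not 4")
    if ihl < 20 or ihl > len(packet):
        problems.append("header length out of range")
    elif checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        problems.append("header checksum mismatch")
    if total_len > len(packet) or total_len < ihl:
        problems.append("total length inconsistent with bytes received")
    return problems


if __name__ == "__main__":
    known = build_packet(b"xx KNOWN-BAD-MARKER xx")
    variant = build_packet(b"xx KNOWN-BAD_MARKER xx")  # one byte differs
    malformed = bytearray(build_packet(b"hello"))
    malformed[3] += 10  # total-length field now claims more bytes than exist
    for name, pkt in (("known", known), ("variant", variant),
                      ("malformed", bytes(malformed))):
        print(name, signature_hits(pkt), header_anomalies(pkt))
```

The one-byte variant passes both checks, while the malformed packet is reported only as anomalous, with no statement about what kind of traffic it is.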

Stateful Protocol Inspection

Stateful protocol inspection is similar to anomaly-based detection, but it can also analyze traffic at the network and transport layers and vendor-specific traffic at the application layer, which anomaly-based detection cannot do.

Proposed System:

Running the existing intrusion or security systems on a Smartphone device is a complicated task, since it involves complex implementation due to the differences in each mechanism's infrastructure. Our proposed system will provide solid security protection against any threats to user privacy and to web information being processed on the Smartphone device.

Smartphone Intrusion Detection System:

As the main theme of this work, we have identified the merits and demerits of the existing IDS on Smartphone devices, which needs much more consideration to prevent hazards and attacks that can hugely affect Smartphone users in different ways. The number of Smartphone users is increasing rapidly because of the device's unique features and smart, innovative technology, and an IDS can provide users with security on their slim device. The IDS requires expanded consideration for the security of data transactions and transmission.

Figure 2 Overall Structure of proposed system

The IDS is enhanced with security mechanisms to detect, prevent, halt, and discard any type of penetration into the Smartphone device, which depends on the successful integration of these techniques. The IDS will outperform other existing systems in many aspects. The IDS provides its own security for the Smartphone, just as the Smartphone provides its own privacy for its users.

Functionality:

Data received by the Smartphone has to pass through the SIDS. This security system is placed in the Smartphone itself, because we need to stop intrusion at the receiver side only (the Smartphone). It may take the form of software or a physical device, depending on future requirements. The SIDS needs to check incoming data at all levels of security. The SIDS is integrated with a firewall, antivirus, anti-spam, and an IDS, so the data is checked at each security level and each level returns its own feedback. The SIDS also maintains logs of the data in its internal memory. The logs are kept for future reference, to detect threats or authorized accesses. Instead of checking regularly, we can consult the logs to identify an intrusion, which increases performance and reliability.

Figure 3 functional diagram

MORDM

It is a single system that can handle all kinds of attacks and intrusions. A request from any provider is first fed into the SIDS, which contains a multi-objective routing and decision making (MORDM) component.

The main task of MORDM is to send the request to each component and receive a response from each one individually, indicating whether the information sent contains any false data, viruses, spam, intrusion, etc. If the response is positive, i.e. the data is valid, it is sent to the Smartphone; otherwise it is kept in the logs.
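The routing and decision step described above can be sketched as follows. This is an added example, not the essay's implementation; the component checks, field names and sample values are hypothetical stand-ins for the firewall, antivirus, anti-spam and IDS components.

```python
from dataclasses import dataclass

# Hypothetical, constructed values for the four component checks.
KNOWN_PROFILES = {"carrier-gw"}          # firewall: nodes with a matching profile
MALWARE_SIGNATURES = [b"DEMO-MALWARE"]   # antivirus: known byte pattern
SPAM_BLACKLIST = {"bulk@spam.example"}   # anti-spam: blacklisted senders
SPAM_PHRASES = [b"viva"]                 # anti-spam: phrase mentioned in the essay


@dataclass
class Request:
    node: str             # network node the data arrived from
    sender: str
    body: bytes
    declared_length: int


# Each component returns None for acceptable data, or a reason string.
def firewall(req):
    return None if req.node in KNOWN_PROFILES else "no firewall profile for node"


def antivirus(req):
    hit = any(sig in req.body for sig in MALWARE_SIGNATURES)
    return "malware signature in body" if hit else None


def antispam(req):
    if req.sender in SPAM_BLACKLIST:
        return "sender is blacklisted"
    if any(phrase in req.body.lower() for phrase in SPAM_PHRASES):
        return "spam phrase in body"
    return None


def ids(req):
    consistent = req.declared_length == len(req.body)
    return None if consistent else "declared length differs from body length"


class Mordm:
    """Sends a request to every component and decides on the combined responses."""

    def __init__(self, components):
        self.components = components
        self.log = []  # SIDS log kept for later review

    def route(self, req):
        # Ask each component individually, without stopping at the first
        # rejection, so the log records every component's feedback.
        responses = {name: check(req) for name, check in self.components.items()}
        reasons = {name: r for name, r in responses.items() if r is not None}
        if reasons:
            self.log.append({"sender": req.sender, "reasons": reasons})
            return None       # held back and logged
        return req.body       # valid data is passed on to the Smartphone


def build_sids():
    return Mordm({"firewall": firewall, "antivirus": antivirus,
                  "anti-spam": antispam, "ids": ids})
```

Because every component is queried even after one rejects the request, a single log entry shows which layers objected and why.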

Mobile Firewall

A firewall is used to secure a network, in this case the wireless communication network used by the Smartphone, so we secure our transactions using the firewall. The firewall checks the network our transactions use and also checks network authentication. It is designed to protect wireless communication networks from unauthorized access and use. The whole system works when it is used connectively and when the mobile node, the firewall hardware and software system, and the network itself are present and operational. The mobile communications firewall system is designed to safeguard the network's system together with all of the mobile clients or subscribers that make use of the services offered by the network.

The mobile firewall system will send a verification request to the network to check an existing database for a matching profile for the mobile node that has made the request. If a mobile node firewall profile match is found, a predetermined static pinhole would then be opened so that the mobile node's request could pass through and access to the network granted. As the request is processed by the network, an outside node will be able to receive the data transmitted by the mobile node.

Antivirus

Antivirus software is software that attempts to combat malware, such as computer viruses, computer worms, root-kits, and Trojan horses. Antivirus software typically employs a variety of strategies, including searching for known patterns in malware executable code (signatures), and emulating a program in a sandbox to see if it acts maliciously. Success depends on striking a balance between false positives and false negatives. False positives can be as destructive as false negatives.

Antivirus software has disadvantages for the user as well. It often causes a significant decline in computer performance, and it may present computer users with a decision they do not understand. Antivirus software generally works at the highly trusted kernel level of the operating system, creating a potential avenue of attack.

Viruses are programs written to perform operations that are not desirable for the user. Antivirus software does the opposite: it monitors programs performing such operations and forces them to stop. Antivirus software basically has more processor power, so it can kill the virus, which has less processor power.

Anti-Spam

Anti-spam software checks the senders' names and addresses and filters spam emails according to a blacklist of spammers that it owns and updates. It also checks the recipients' names and addresses and filters emails according to certain parameters. For example, if the mail is sent to a large group sorted alphabetically, the email is considered spam.

Anti-spam software scans the emails (their subject and body), searches for certain words or phrases such as "Viva", and filters spam email accordingly. The anti-spam system at the moment has only one rule. I planned to develop more rules, but none of these will be hidden. Every rule will have its own setting in the component options.

Intrusion Prevention System

Intrusion prevention is a pre-emptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. However, because an exploit may be carried out very quickly after the attacker gains access, intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator. For example, an IPS might drop a packet that it determines to be malicious and block all further traffic from that IP address or port. Legitimate traffic, meanwhile, should be forwarded to the recipient with no apparent disruption or delay of service. The proposed technique uses HIDS because we have to stop intrusion at the host side (the receiver, i.e. the Smartphone).

Conclusion:

A Smartphone device needs a robust and reliable intrusion detection system to ensure the privacy and confidentiality of its holder. The proposed system is meant to compensate for some of the deficiencies of the IDSs that operate on Smartphone devices. The existing intrusion detection system is unfortunately not as efficient as users expect. SIDS will certainly be effective and will operate at all levels of security in compliance with international security and privacy policy. In the future, there is a plan to implement the proposed system as a real demo. However, the complexity of the IPS infrastructure is a challenging task that may delay the continuation of the implementation. The overall performance of the proposed system cannot be fully predicted before implementation. However, the expectation is to exceed the highest level of security in comparison with other existing systems.

[1] Andrew Nusca (20 August 2009). "Smartphone vs. feature phone arms race heats up; which did you buy?". ZDNet. Retrieved 2011-12-15.

[2] http://en.wikipedia.org/wiki/Smartphone

[3] Mylonas Alexios; Dritsas Stelios, Tsoumas Bill and Gritzalis Dimitrios (2011). Samarati and Lopez. ed. Proc. of International Conference of Security and Cryptography (SECRYPT '11). SciTePress. pp. 25–36.

[4] "Lookout, Retrevo warn of growing Android malware epidemic, note Apple's iOS is far safer". Appleinsider.com. 2011-08-03. Retrieved 2012-01-05.

[5] Gene Tyler, "Intrusion Detection Systems", Sixth Edition, pp. 5-93, September 2009.

[6] http://www.crossbeam.com/mobile-network-providers-face-a-potential-exodus-of-74-percent-of-smartphone-users-after-a-security-breach/ - Mobile network providers will be blamed for smartphone attacks, regardless of fault

[7] Source: Whatis.com

[11] Gene Tyler, "Intrusion Detection Systems", Sixth Edition, pp. 5-93, September 2009.


