1
Honeypot in Mobile Network Security
By Assmaa A. Fahad Supervised by Dr. Hana'a M. A. Salman & Dr. Nidaa Flaih Hassan
2
Introduction
Honeypot: a computer system that is built and deployed to be attacked, in order to study new attacks and to serve as an early warning system. Honeypot techniques are successfully used in regular networks. However, the development of mobile honeypots is still at an early stage.
3
Honeypot Classification
There are several possible ways to classify honeypots. One of the more popular is by the level of interaction with the attacker.
High-interaction honeypot: interacts with the attackers as a regular node to capture the maximum amount of information.
Low-interaction honeypot: emulates services with a limited subset of functionality to detect unauthorized activities.
4
Mobile Threat Reports
5
Malware Detection Sites
Based on where the detection is performed, the detection methods can be classified into three categories:
Client side:
  Pros: Trusted.
  Cons: Constrained by its limited physical resources.
Network side:
  Pros: 1) Analyzes mobile network traffic from many users. 2) Can be used in conjunction with the client side to improve the detection rates and provide a broad view of malicious activities.
  Cons: Only monitors and analyzes cellular network traffic.
Cloud-based side:
  Pros: Different types of wireless communications from many users.
  Cons: Only for users that have the app, and requires a large number of subscribers.
Method 2 is not suitable for malware that uses WiFi.
Cloud-based side: offers a trade-off between network-level analysis and on-device security by offloading intensive security analysis and computations to the cloud, while monitoring internal mobile device events as well as different types of wireless communications from many users.
6
Well known Mobile Threat Types
Spyware: collects information about the user's habits, which is sent to another party.
Malware: poses a significant security risk to the user's system or information.
Potentially unwanted software: undesirable or intrusive programs that are used in a questionable manner.
Spyware: browsing habits, search strings, visited URLs and preferred applications.
Malware: its malicious actions include, but are not limited to, installing hidden objects, creating new malicious objects, damaging or altering any data without authorization, and installing any data or access credentials.
7
Mobile Malware Statistics, Q3 2013
8
Related Work
Freeman et al. (December 2009) created a first-generation smartphone honeypot, Smartpot, to discover automated worms. They use the Honeyd low-interaction honeypot tools.
Mulliner et al. (May 2011) proposed HoneyDroid, a smartphone honeypot using a real mobile phone with virtualized components. The drawback is that HoneyDroid does not behave exactly the same way the original Android system does.
Honeypots are successfully used in wired networks to study the strategies of attackers and to protect production systems from attacks. However, the development of mobile honeypots is still at an early stage.
Mulliner: this difference might be detected by malware, which could then stop its attack and thus escape the honeypot.
9
Related Work (cont.)
Wahlisch et al. (January 2013) designed a honeypot using the standard tools Kippo, Glastopf, and Dionaea to operate on a standard PC running Linux. The honeypot is connected to a mobile network, as well as to different types of wired Internet access networks.
Liebergeld et al. (May 2013) proposed a Nomadic honeypot to collect threat intelligence on smartphones. The Nomadic honeypot is logically divided into two partitions: one for the mobile OS, which has no direct access to the device's communication hardware, and the other for the Nomadic honeypot itself. The Nomadic drawback is that it comes with computational overhead that affects the device's response and its battery life.
10
The Designed Smart Phone Honeypot
Design a low-interaction honeypot, which includes:
1. Design and construct the system's database
2. Data analysis (malware detection)
3. System reactions
11
1- Design and Construct The System's Database
The malware dataset: 1260 Android malware samples, in 49 families. Collected between August 2010 and October 2011. The samples are in .APK format.
12
2- Data Analysis ( Malware Detection )
Hardware approach
Performance counters: registers provided by the majority of modern microprocessors that can be used to capture a wide range of hardware-related activities in the system. Each of these activities represents a program feature. ARM (Advanced RISC Machines) performance counters are used.
13
The number of events that the ARM counters can be programmed to monitor is 58.
Selected features are: number of instructions, number of cache misses, number of branches, number of cycles. Used features are:
14
BaseBridge malware family's features
15
The data collected from the performance counters are streams of integers.
16
Data pre-processing function.
Min-Max normalization
Z-score technique
17
Therefore the system works with three different data sets:
Data set collected from the ARM performance counters without any preprocessing.
Data set generated by applying the Min-Max normalization rule.
Data set generated by applying the Z-score normalization rule.
18
Test Case Application Program Pattern Matching
The K-means algorithm is used to classify Android application programs.
One-dimensional Euclidean distance
Multi-dimensional Euclidean distance is
19
One – Dimensional Euclidean distance
20
Multi – Dimensional Euclidean distance
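The three data sets of slide 17 and the K-means matching of slide 18, as an added example that is not code from the presentation. The counter readings are constructed, and the farthest-point seeding and the choice of two clusters are assumptions; the run shows that on raw counters the cycle count dominates the Euclidean distance, while both normalizations let all four features contribute.

```python
import math

# Constructed readings (not from the slides): one row per application run,
# columns = (instructions, cache misses, branches, cycles).
# Rows 0-2 share one profile, rows 3-5 another; cycles vary inside both.
SAMPLES = [
    (1000000, 100, 2000, 5000000),
    (1000500, 120, 2100, 9000000),
    (1000200, 110, 2050, 5200000),
    (1003000, 900, 8000, 5100000),
    (1003500, 920, 8100, 9100000),
    (1003200, 910, 8050, 5300000),
]

def min_max(rows):
    """Rescale each feature column to [0, 1]; a constant column maps to 0."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0
                  for v, l, h in zip(r, lo, hi)) for r in rows]

def z_score(rows):
    """Centre each column on its mean, divide by its population std dev."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c))
          for c, m in zip(cols, mu)]
    return [tuple((v - m) / s if s else 0.0
                  for v, m, s in zip(r, mu, sd)) for r in rows]

def euclidean(a, b):
    """Multi-dimensional Euclidean distance; for 1-tuples it is |a - b|."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(rows, k, iters=100):
    """K-means with deterministic farthest-point seeding (an assumption)."""
    cents = [rows[0]]
    while len(cents) < k:
        cents.append(max(rows, key=lambda r: min(euclidean(r, c) for c in cents)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda i: euclidean(r, cents[i])) for r in rows]
        groups = [[r for r, l in zip(rows, labels) if l == j] for j in range(k)]
        new = [tuple(sum(c) / len(c) for c in zip(*g)) if g else cents[j]
               for j, g in enumerate(groups)]
        if new == cents:  # assignments stable: converged
            break
        cents = new
    return labels, cents

if __name__ == "__main__":
    for name, data in (("raw", SAMPLES), ("min-max", min_max(SAMPLES)),
                       ("z-score", z_score(SAMPLES))):
        print(name, kmeans(data, 2)[0])
```
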
21
3- System Reaction
The system is expected to display a warning report to the user.
22
Conclusions
Designing a smartphone honeypot comes with computational overhead.
With very restricted smartphone resources, a low-interaction honeypot is recommended.
With the hardware approach, the hackers have to take into consideration the different micro-architecture techniques that are available and can be used for detection.
A honeypot could help to generate real statistics about attack behaviour.
23
Conclusions (Cont.)
Although the results were as low as 33% for some families, the algorithm fully classified other families with 100% accuracy. This indicates that malicious application programs can be detected by using the hardware performance counters.
A honeypot has to perform different functions in real time. With the limitation in smartphone resources, implementing these functions in real time will be a big challenge.