
Research On Anomaly Detection Approach In Mobile Devices And Networks

Posted on: 2014-02-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Z Wu
Full Text: PDF
GTID: 1228330395989306
Subject: Computer system architecture
Abstract/Summary:
The computing and networking capabilities of mobile devices such as smartphones have been continuously enhanced by the development of wireless communication, mobile broadband and embedded technologies. The smartphone is the trend in unified communications, integrating telecom and Internet services onto a single device, and it is gradually becoming the personal information center. New smartphone malware continuously springs up as the number of smartphone users grows dramatically, and this endangers the privacy and property of users, the security of the device, and even the security of the Internet and telecom networks. How to ensure the security of mobile devices and telecom networks is one of the key issues of concern to academia and industry.

Basic smartphone protection technologies such as operating system security reinforcement and digital signatures cannot curb the spread of malware. Most smartphone security software is signature based: it can detect known malware but can do nothing about new malicious software, and it is difficult to keep the signature library up to date because of the particular characteristics of mobile networks. Traditional intrusion detection systems for mobile networks also cannot detect novel DoS attacks. Anomaly detection assumes that the activities of intruders differ from normal activity, and behavior that deviates from a normal behavior library, defined by the system user's normal activities, is identified as abnormal. Anomaly detection technology has become the focus of research in mobile Internet security.

This thesis focuses on how to detect novel malware on mobile devices and how to defend against and detect mobile network DoS attacks. The proposed solutions are as follows.

First, we propose a result-fusion-based distributed anomaly detection system for mobile devices. In this system framework, the smartphone client's main function is to extract feature vectors and transfer them to the remote server, and the detection algorithms run on the server to detect anomalies. D-S evidence theory is adopted to fuse the results of various classification algorithms, and we proved that result fusion could effectively improve the detection rate. An integrated weight method that combines objective and subjective weights is used to select features, and the best size of the feature set is determined by experiment. We also analyze the performance overhead on the client, the detection rate and the false positive rate, and prove that our detection framework is effective at detecting malware.

Then, a novel cycle-based statistical approach for smartphone anomaly detection is proposed. This approach is based on the regular patterns of the user's life, and an anomaly is determined by the distance from the feature vector under test to the vectors of similar time segments in previous cycles. We use the Mahalanobis distance as the distance metric since it is rarely affected by the correlation and value range of features. Our experiments prove that this approach can effectively improve the detection rate of background malware. We introduce a sliding window mechanism to effectively reduce the false positive rate caused by abnormal user operation.

Last, based on the analysis of novel mobile network signaling DoS attacks, we discover that attackers usually exploit the key parameters of the mobile network in order to achieve minimum-cost, maximum-impact attack patterns. We therefore propose a random parameter setting method, by which the difficulty of attack is increased and signaling messages are greatly reduced. The randomization method cannot make the mobile network avoid DoS attacks, so we propose a cycle-distribution-based approach for mobile network anomaly detection. In this approach, an anomaly is determined by the KL divergence of distributions. We prove the effectiveness of this detection approach by simulation experiments.
Keywords/Search Tags: mobile device, smartphone, mobile network security, anomaly detection, regular patterns of user, randomization method
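
The cycle-based approach described in the abstract, as an added Python example that is not code from the thesis: a feature vector is scored by its Mahalanobis distance to the same time segment in previous cycles, and an alarm requires several anomalous segments within a sliding window. The two features, the sample data, the threshold of 3.0 and the 2-of-3 window rule are assumptions; the abstract does not specify them.

```python
# Added example: cycle-based Mahalanobis scoring with a k-of-w sliding window.
# Features, data, threshold and window rule are assumptions, not from the thesis.
from statistics import mean

def mahalanobis2(x, history):
    """Mahalanobis distance of a 2-feature vector x from past vectors."""
    n = len(history)
    m0, m1 = mean(h[0] for h in history), mean(h[1] for h in history)
    # Sample covariance matrix [[s00, s01], [s01, s11]] of the history.
    s00 = sum((h[0] - m0) ** 2 for h in history) / (n - 1)
    s11 = sum((h[1] - m1) ** 2 for h in history) / (n - 1)
    s01 = sum((h[0] - m0) * (h[1] - m1) for h in history) / (n - 1)
    det = s00 * s11 - s01 * s01
    if det <= 1e-12:
        raise ValueError("covariance is singular; collect more cycles")
    d0, d1 = x[0] - m0, x[1] - m1
    # d^T * inverse(S) * d, using the closed-form inverse of a 2x2 matrix.
    return ((s11 * d0 * d0 - 2 * s01 * d0 * d1 + s00 * d1 * d1) / det) ** 0.5

def detect(history, stream, threshold=3.0, window=3, min_hits=2):
    """Return stream indices where an alarm is raised.

    history maps a time segment (hour of day) to that segment's vectors from
    previous cycles (days). An alarm needs min_hits anomalous segments among
    the last `window`, so one unusual hour of user activity is tolerated.
    """
    flags, alarms = [], []
    for i, (segment, vec) in enumerate(stream):
        flags.append(mahalanobis2(vec, history[segment]) > threshold)
        if sum(flags[-window:]) >= min_hits:
            alarms.append(i)
    return alarms

# Constructed data: (SMS sent, KB uploaded) per night hour over five past days.
NIGHT = [(0, 10), (1, 12), (0, 11), (1, 14), (0, 9)]
HISTORY = {hour: NIGHT for hour in (1, 2, 3, 4)}
# The user is briefly active at 02:00, then the phone is idle again.
USER_BURST = [(1, (0, 10)), (2, (4, 40)), (3, (1, 12)), (4, (0, 11))]
# A background process keeps sending and uploading from 02:00 onward.
BACKGROUND_MALWARE = [(1, (0, 10)), (2, (6, 90)), (3, (5, 80)), (4, (6, 95))]

if __name__ == "__main__":
    print(detect(HISTORY, USER_BURST))          # []
    print(detect(HISTORY, BACKGROUND_MALWARE))  # [2, 3]
```

The single 02:00 spike in USER_BURST exceeds the distance threshold but never reaches two hits in the window, while the sustained activity in BACKGROUND_MALWARE raises alarms at the third and fourth segments.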