Research Of Anomaly-based Intrusion Detection For Android Mobile Phone System

With the increasing popularity of smart phone, the role of mobile phone is also changing in people’s daily lives. However, when the difference between smart phone and PC diminishing, there are also prominent security issues on the phone. The mobile phone virus has become the means of many people with ulterior motives of the pursuit of economic interests. Most of the virus protection software on the mobile phone use the "cloud" technology. However, it can’t effectively enhance the self-defense capability of smart phone. So the intrusion detection technology is applied to solve it.As the essential technique of the field of computer security, the theory of intrusion detection has gradually matured in decades. Because of the late start of the smart phone platform, the search of mobile phone safety which is based on intrusion detection principle is still in its infancy. We do the research on intrusion detection and choose Android system as the platform in this paper. We aim to improve the phone system for the detection of abnormal network behavior so as to achieve the effect of the mobile intrusion detection. The system uses AIDA, an anomaly-based intrusion detection algorithm, as the analysis algorithm. The main idea of this algorithm is to detect the delay between the mobile phone network events and user input events to determine whether it has abnormal behavior. Compared to other algorithms, it is easy to achieve on the platform.According to the intrusion detection system design idea and principle, we give the framework of the overall design of intrusion detection system on the Android mobile phone platform. We focus on analyzing the system function in detail for each module including data extraction module, data analysis module, response module and database module. And then we describe the encoding in detail. Finally, we install the system on a real machine and choose different parameters to initialize it. We test the reliability of the system and the results show that under different circumstances, it can effectively improve the system reliability by appropriately choosing the system parameters. At this point it proves that the system enhanced self-defense abilities of the phone. It indeed has some practical value.