
Global system architecture

KB-IDS - Prototype Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android. Version 1.0. Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim. May 11th 2009. Academic Advisor: Dr. Yuval Elovici. Technical Advisor: Asaf Shabtai.



Presentation Transcript


  1. KB-IDS - Prototype Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android. Version 1.0. Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim. May 11th 2009. Academic Advisor: Dr. Yuval Elovici. Technical Advisor: Asaf Shabtai. Securing Android-based Devices T+9

  2. Global system architecture (architecture diagram; the components shown are): Graphical User Interface, Feature Extractors, SQLite, Agent Service, Application Level Loggers, Processor Manager, Operating System, Scheduling, Configuration Manager, Alert Handler, Feature Manager, Threat Weighting Unit, Memory, Communication layer, Keyboard, Network, Hardware, Processors, Power, Linux Kernel, KBTA, Application Framework, NetProtect.

  3. KBTA-Processor: Implemented
  • Ontology
  • Loading
  • Storage
  • Handled Elements
  • Primitives
  • Events
  • State
  • Context
  • Computation
  • KBTA-Service (Incremental Abstraction)
  • Monitoring
  • Alerts definition
  • Loading from XML
  • Storage
  • Monitoring Abstractions
  • Communication with the TWU

  4. KBTA-Processor: Remaining
  • Handled Elements
  • Trend
  • Pattern
  • Context destruction
  • Processor setting screen
  • Sending of monitored elements to NetProtect

  5. Overview of the KBTA Algorithm
  • Time-Stamped Raw Data:
    - Primitive Parameters
    - Events
  • Higher Level Meaningful Temporal Information:
    - Contexts
    - Abstractions (Trends, States)
    - Temporal Patterns
  • Knowledge (KBTA Security ontology)
  • Four inference mechanisms:
    - Temporal Context Forming
    - Contemporaneous Abstraction
    - Temporal Interpolation
    - Temporal Pattern Matching

  6. Demonstration Scenario #1 (diagram). Legend: Primitive, Context, State, Alert. Elements shown: Perm_Camera, Camera, Many_Apps_With_Camera_Permission, Camera_Usage, Camera_Abuse. Annotations: "Amount of non-system applications with the Camera permission"; "Amount of pictures taken in the last 2 minutes".
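The inference chain of slides 5 and 6, written out as an added example (not the project's code). It assumes the mapping Perm_Camera and Camera as primitives, Many_Apps_With_Camera_Permission as the context, Camera_Usage as the state and Camera_Abuse as the alert; the thresholds and the sample stream are constructed, only the 2-minute window comes from the slide.

```python
from dataclasses import dataclass

# Constructed thresholds (assumptions; the slides name the elements but give no values).
MANY_APPS_THRESHOLD = 3    # non-system apps holding the Camera permission
HIGH_USAGE_PICTURES = 5    # pictures inside the window
WINDOW_SECONDS = 120       # "pictures taken in the last 2 minutes" (from the slide)

@dataclass(frozen=True)
class Primitive:
    ts: int      # seconds since monitoring started
    name: str    # "Perm_Camera" (app count) or "Camera" (one picture taken)
    value: int

def form_context(prims):
    """Context forming: holds from the first Perm_Camera sample >= threshold until the first below."""
    start = None
    for p in sorted(prims, key=lambda p: p.ts):
        if p.name != "Perm_Camera":
            continue
        if start is None and p.value >= MANY_APPS_THRESHOLD:
            start = p.ts
        elif start is not None and p.value < MANY_APPS_THRESHOLD:
            return (start, p.ts)          # context ended
    return (start, None) if start is not None else None   # None: context never formed

def in_context(ctx, t):
    return ctx is not None and ctx[0] <= t and (ctx[1] is None or t < ctx[1])

def camera_usage_state(prims, now):
    """Contemporaneous abstraction: Camera_Usage at `now` from Camera samples in the trailing window."""
    taken = sum(p.value for p in prims
                if p.name == "Camera" and now - WINDOW_SECONDS < p.ts <= now)
    return "High" if taken >= HIGH_USAGE_PICTURES else "Low"

def camera_abuse_alerts(prims):
    """Pattern matching: Camera_Abuse fires at each Camera sample with state High inside the context."""
    ctx = form_context(prims)
    return [("Camera_Abuse", p.ts) for p in sorted(prims, key=lambda p: p.ts)
            if p.name == "Camera" and in_context(ctx, p.ts)
            and camera_usage_state(prims, p.ts) == "High"]

# Constructed stream: the permission count jumps to 4 at t=10, then pictures are
# taken every 10 s; the single picture at t=5 precedes the context.
SAMPLE = [Primitive(0, "Perm_Camera", 1), Primitive(5, "Camera", 1),
          Primitive(10, "Perm_Camera", 4)] + [Primitive(20 + 10 * i, "Camera", 1) for i in range(6)]

if __name__ == "__main__":
    print(form_context(SAMPLE), camera_abuse_alerts(SAMPLE))
```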

  7. Demonstration Scenario #2 (diagram). Elements shown: Garbage_Collections, Running_Processes, Minor_Page_Faults, Amount_of_Processes_High, Context_Switches, Minor_Page_Faults_Level, Garbage_Collections_Level, CPU_Usage, Context_Switches_Level, System_Load_level, Abnormal System Load, High_CPU_Usage.
