Detecting malware attack in mobile phone using Intrusion Detection and Prevention System (IDPS)

Leow, Yu Hong (2024) Detecting malware attack in mobile phone using Intrusion Detection and Prevention System (IDPS). Final Year Project, UTAR.

Preview

PDF Download (2281Kb) | Preview

Abstract

This project centers on cybersecurity, with a specific focus on detecting and preventing adware through the use of Intrusion Detection and Prevention Systems (IDPS) on Android mobile devices. The project integrates both Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to strengthen defenses against adware attacks using the IDPS approach. Multiple techniques are employed, such as signature-based adware detection, machine learning model detection, and network-based detection. In the signature-based method, adware is identified by comparing it with a database of known adware signatures. For adware not found in the database, detection is handled through machine learning models or network-based approaches. Several malware attributes are analyzed, including file name, size, type, and API calls. The research data covers the period from 2019 to 2023, with some data from earlier years. Thanks to the diverse detection methods used by the IDS, such as signature-based detection and machine learning models, we were able to detect both known and previously unknown adware in our initial tests. However, false positives can arise due to configuration errors or low-accuracy model development. Our quarantine system stops specific application processes to prevent further malware infection. Regular updates to the signature database are crucial for effectively detecting and stopping threats. By integrating IDS and IPS, we can significantly improve our success rate in preventing malware attacks, as each system compensates for the other's weaknesses and enhances overall detection.

Actions (login required)