A specification based intrusion detection framework for mobile phones

Ashwin Chaugule, Zhi Xu, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Scopus citations


With the fast growth of the mobile market, we are now seeing more and more malware on mobile phones. One common pattern of much commonly found malware on mobile phones is that the malware always attempts to access sensitive system services on the mobile phone in an unobtrusive and stealthy fashion. For example, the malware may send messages automatically or stealthily interface with the audio peripherals on the device without the user's awareness and authorization. To detect this unauthorized malicious behavior, we present SBIDF, a Specification Based Intrusion Detection Framework, which utilizes the keypad or touchscreen interrupts to differentiate between malware and human activity. Specifically, in the proposed framework, we use an application-independent specification, written in Temporal Logic of Causal Knowledge (TLCK), to describe the normal behavior pattern, and enforce this specification on all third-party applications on the mobile phone during runtime by monitoring the inter-component communication pattern among critical components. Our evaluation of simulated behavior of real-world malware shows that we are able to detect all forms of malware that attempt to access sensitive services without possessing the user's permission. Furthermore, SBIDF incurs a negligible overhead (20 μsecs), which makes it very feasible for real-world deployment.

Original language: English (US)
Title of host publication: Applied Cryptography and Network Security - 9th International Conference, ACNS 2011, Proceedings
Number of pages: 19
State: Published - 2011
Event: 9th International Conference on Applied Cryptography and Network Security, ACNS 2011 - Nerja, Spain
Duration: Jun 7 2011 to Jun 10 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6715 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 9th International Conference on Applied Cryptography and Network Security, ACNS 2011

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

