Jaime Sánchez introduces the first Android Intrusion Detection System in his presentation at DeepSec 2013:
„Being popular is not always a good thing and here’s why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Nowadays, several behavior-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices. We'll show how we built a new detection framework that will be the first open source Android IDS on network level.
This open source network-based intrusion detection system and network-based intrusion protection system has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks, featuring: Protocol analysis, Content searching and Content matching.
In IDS/IPS mode, the program will monitor network traffic and analyze it against a rule set defined by the user, and then perform a specific action based on what has been identified. With the help of custom built signatures, the framework can also be used to detect probes or attacks designed for mobile devices, fool and cheat operating system fingerprinting attempts (like nmap or p0f), server message block probes, etc.“
Loading more stuff…
Hmm…it looks like things are taking a while to load. Try again?