Detection, alert and response to malicious behavior in mobile devices: Knowledge-based approach

Asaf Shabtai, Uri Kanonov, Yuval Elovici

Recent Advances in Intrusion Detection: 12th International Symposium, RAID …, 2009

In this research, we evaluate a knowledge-based approach for detecting instances of known classes of mobile device malware based on their temporal behavior. The framework relies on a lightweight agent that continuously monitors time-stamped security data within the mobile device and then processes the data using a light version of the Knowledge-Based Temporal Abstraction (KBTA) methodology. The new approach was applied to detecting malware on Google Android-powered devices. Evaluation results demonstrated the effectiveness of the proposed approach.