DOI 10.1007/s11277-015-3121-8
D. Moon et al.
1 Introduction
Smart devices have become deeply embedded in the lives of users. Smart phones, which
are the most commonly used smart devices, provide convenient enhancements by offering
diverse content, not only through built-in functions including alarms, memos, cameras,
schedule management, and telephone services, but also through navigation, augmented
reality, social networking services (SNSs), banking, e-mail, and network games that all use
the internet. Smart phones are capable of performing the same functions as desktop PCs, in
addition to simpler functions, and work efficiency increases when these devices are used as
mobile offices without restrictions on time or spatial limits. The benefits of cost reduction
and performance efficiency enhancement encourage a continuously upwards trend in the
number of users who use smart phones [15]. Many smart phones that offer a diverse range
of benefits make use of a general-purpose operating system (OS) [6–9]. Although providing
diverse services and the development of content are easy because of the general-purpose
OS, creating mobile malicious code is also easy [1, 10–12].
Many crimes target the security weaknesses of mobile devices, and the size and damage
of attacks on mobile devices, such as smart phones, are ever increasing [13–18]. For this
reason, a number of applications have been developed that detect diverse malicious code
and prevent private information leakage as part of the security measures of mobile devices.
Because these applications detect malicious code using a sequential method in which a
response is made from the list of malicious code signatures, detection of and
responses to attacks, such as APTs, are very difficult. An intelligent security model is
critical to the protection of smart phone users and is required against security threats such
as information leaks, illegal billing, and illicit use of personal information by malicious
actions and codes that are intelligent and able to transform into diverse forms [16–21].
Moreover, next-generation security technology for mobile devices that can provide security,
integrity, usability, and reliability in diverse service environments is required. This
paper suggests an intelligent security model of smart phone based on human behavior in
mobile cloud computing to detect diverse malicious code and respond to advanced attacks,
such as APT. The suggested intelligent security model of smart phone collects user
behavior and permissions information from mobile devices. The collected information
is then transferred to the cloud for multi-dimensional analysis, and the type of
malicious code is determined. This model can provide more profound detection compared to
Intelligent Security Model of Smart Phone Based on Human
the existing response to malicious code through signature, as well as stronger security as
shown in Fig. 1 [1, 11].
This paper consists of the following sections: Sect. 2 discusses the mobile threat
factor and security requirements along with an analysis of a previously suggested model.
Section 3 presents an intelligent security model of smart phone. Section 4 presents the design
of the intelligent security model of smart phone based on human behavior in mobile cloud
computing. Section 5 presents system efficiency through a comparative analysis between
previous research and the suggested system. Finally, Sect. 6 contains the overall conclusions,
a summary, and suggested directions for future research.
2 Related Work
This section explains threat factors, types of malicious code, essential security considerations
for mobile devices, and provides reviews of previous literature relevant to this study.
[Figure 1: diagram. Labels: real-time information shared with diverse devices; key role of providing convenient service; easy portability; desktop function performance; increased weakness to malicious attack; collection of user pattern and information; analysis of information; Intelligent Smart Phone Security Model; Cloud.]
Fig. 1 Conceptual map of response to diverse mobile attacks using the intelligent security model of smart
phone
Factors that greatly affect mobile security can be divided into application-based threats,
web-based threats, and network-based threats. Application-based threats frequently occur
in applications downloadable to mobile devices. Software applications developed with
malicious purposes are capable of extracting stored information and inducing fatal errors in
mobile devices. Private information leaked through information extraction occurs through
spyware. Spyware is capable of collecting data related to locations, contacts, calling history,
e-mail, pictures, and text messages without user consent. Application-based threats
cause an automatic download of malicious applications, hacking, and malfunctioning of
mobile devices, which include systematic suspension and access to private information
without notice [20].
Web-based threats affect not only desktop PCs but also mobile devices, and they are
common occurrences. Administrative authority is acquired through weaknesses in
the general-purpose OSs of mobile devices, and private information leaks through malicious
code occur. Mobile web browsers that are vulnerable to malicious code are downloadable,
which can incur security breaches because of the software security defects that
are inherent in web browser components [21].
Network-based threats take place within local wireless and mobile networks. Wi-Fi
sniffing, in particular, transfers data through many applications and web pages. This
security problem is particularly serious as users are unaware of the data transfers [20].
Types of malicious mobile code can be divided into mobile device, device disability
inducing, battery consumption, excessive charge induction, information leakage, and cross
platform types, which all share similar purposes related to private information leaks,
payment action, and system demolition.
Mobile device malicious code refers to a malicious code that operates on mobile devices
and performs actions such as system demolition or private information leaks. Malicious
codes attack mobile devices to create functional paralysis of mobile devices, obtain private
information, or for financial benefit [22]. The device disability-inducing type refers to
malicious code that attacks mobile devices to cause defects or to fully disable the device in
severe cases [22]. The battery consumption type is a malicious code that continuously
incurs electricity use in mobile devices and performs diverse attacks to drain batteries [23].
The excessive charge induction type is a malicious code that incurs excessive charges by
continuously trying on the short message service (SMS) or transfer service of mobile
devices. This type of malicious code accesses stored telephone numbers without users'
consent and attempts to deliver this information through SMS and transmission to
unspecified individuals by generating random numbers [23]. The information leakage type
is a malicious code that externally leaks information of the infected mobile device or users'
private information. When this malicious code is installed, security settings on the mobile
device are changed to allow additional application attacks to occur as private information
stored on the mobile device and information created from previous use are externally
transferred. Moreover, there is malicious spyware that leaks the location information of
the users [24]. There is also a cross platform type that infects desktop PCs through mobile
devices. A worm is copied onto a memory card, and the malicious code automatically
infects the device through auto-run functions when the infected memory card is inserted
into the desktop PC or other devices [25].
Figure 2 shows the operation process of detecting abnormal symptoms in the suggested
intelligent smart phone security model. The process is divided into five steps, and the
performance in each step is described in Table 1.
[Figure 2: flowchart. Mobile Platform: update information; UBI DB; collection of system artifacts and permission information; comparative analysis of system artifacts and permission information; determination of riskiness (No / Yes); suspension of high risk system's request; making package of the collected data; risk warning and network shutdown. Cloud Computing Platform: Secure DB; static/dynamic analysis; determination of riskiness; making analysis report; report.]
Fig. 2 Scenarios for the detection of abnormal symptoms using an intelligent security model of smart
phone
Step 1: Behavior information centered at users that are related to processing, networks, registry, drivers, and authorities in the smart phone are collected to be stored in UBI DB.

Step 2: Riskiness is analyzed by comparing the information in the UBI DB and collected information. If abnormal symptoms are detected, the system operation with the highest risk is suspended. Where no abnormal symptoms are found, data are continuously collected.

Step 3: Collected data packages are written and an analysis is commissioned to cloud computing, which performs static and dynamic analyses using data in secure DB and collected data from the smart phone.

Step 4: Risk level is determined based on the analyzed data and an analysis report is written.

Step 5: An analysis report is written in cloud computing and sent to the mobile platform, which warns of the riskiness and shuts down the smart phone network.
The structure of the intelligent security model of smart phone (ISMSP) based on human
behavior in mobile cloud computing suggested in this paper is shown in Fig. 3. The
intelligent security model of smart phone can be functionally divided into a mobile platform
and cloud-computing platform, and the two are connected to provide intelligent
security of smart phone.
The mobile platform is composed of permission analysis tools (PAT), a user behavior
inspector (UBI), a user behavior information database (UBI DB), a network monitor (NM),
a memory monitor (MM), a file monitor (FM), and a mobile security manager (MSM).
Network monitor (NM) monitors network information, such as connection information
to external networks, traffic information, and operation information on
mobile platforms.
Memory monitor (MM) monitors files such as running applications, processes, registry,
networks, and driver information.
File monitor (FM) monitors information about files including file size, form, signature,
change from modification, and generation time.
Permission analysis tools (PAT) collect degrees of usage of information along with
permission information for each installed application and analyze them to determine
riskiness.
User behavior information database (UBI DB) perceives the usage pattern of smart
phone users to analyze and store as user behavior data and manages the behavior information.
User behavior factors include system artifacts such as files, processes, networks,
touch tracking (touch channel and touch frequency), channel tracking (page movement
channel and page exposure frequency), and time (day of the week and time). Behavior or
repeated behavior patterns are extracted using actions that are repeated during a certain
amount of time. Moreover, it compares this information to existing behavior and measures
risk levels according to abnormal symptoms.

[Figure 3: architecture diagram. Mobile Platform: MM, NM, PAT, FM, UBI, UBI DB, Mobile Secure Manager, Warning Message. Cloud Computing Platform: Inspector (Alert Unit, Classification Unit), Analyzer (Static Analysis, Dynamic Analysis), Secure DB.]
Fig. 3 Intelligent security model of smart phone architecture
Mobile secure manager (MSM) collects system artifacts including files, processes,
networks, and user behavior information and conducts comparative analyses with existing
data stored in the UBI DB. When analysis results indicate a high-risk level, the action is
suspended and the collected data are transferred to the cloud-computing platform.
The cloud computing platform is composed of an analyzer, inspector, and secure DB.
The analyzer is a component that comprehensively analyzes files, processes, memory,
certifications, and user behavior information that were transferred from the mobile platform.
An analyzer can be divided into static analysis and dynamic analysis according to the
analysis type. Static analysis disassembles applications and analyzes the application programming
interface used in the source code of the application to determine the existence of
malicious code. When an application appears, it is checked for falsification through
comparison and analysis of the permission information and the received permission
information. Dynamic analysis installs and runs apk files in virtual machines and checks
the order and the number of times it called the API. It determines the riskiness of the
application through comparative analysis with malicious action patterns. When the internet
API is called and the international mobile equipment identity (IMEI) and international
mobile subscriber identity (IMSI) are manipulated, it is perceived as information leak
malicious code aimed at smart phone information leakage. If SPAM-related phone numbers
are called using the call API or if SMS or the multi-media message service (MMS)
API are called and SPAM-related words are searched, it is perceived as an excessive
charge-inducing type of malicious code.
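The static and dynamic checks described above can be sketched as follows; this is an added example, not code from the paper. The API names are real Android calls chosen to stand for the paper's internet, call, and SMS/MMS API families, while the SPAM number, SPAM words, sample traces, and the rule that an identifier must be read before the network call are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Real Android calls standing in for the API families the paper names.
IDENTIFIER_APIS = {
    "TelephonyManager.getDeviceId": "IMEI",
    "TelephonyManager.getSubscriberId": "IMSI",
}
INTERNET_APIS = {"HttpURLConnection.connect", "Socket.connect"}
CALL_APIS = {"Intent.ACTION_CALL"}
MESSAGE_APIS = {"SmsManager.sendTextMessage", "SmsManager.sendMultimediaMessage"}

# Constructed stand-ins for the analyzer's SPAM number and word lists.
SPAM_NUMBERS = {"0605550100"}
SPAM_WORDS = {"prize", "winner"}


@dataclass
class Verdict:
    labels: set           # malicious-code types matched, or {"no-match"}
    call_counts: Counter  # number of times each API was called
    evidence: list        # one line per rule hit, in call order


def classify_trace(trace):
    """Classify an ordered list of (api, argument) pairs from a sandbox run."""
    counts = Counter(api for api, _ in trace)
    labels, evidence, read = set(), [], []
    for index, (api, arg) in enumerate(trace):
        if api in IDENTIFIER_APIS:
            read.append(IDENTIFIER_APIS[api])
        elif api in INTERNET_APIS and read:
            # Assumed ordering rule: an identifier was read before this send.
            labels.add("information-leak")
            evidence.append(f"#{index} {api} after {'+'.join(sorted(set(read)))}")
        elif api in CALL_APIS and arg in SPAM_NUMBERS:
            labels.add("excessive-charge")
            evidence.append(f"#{index} call to listed number {arg}")
        elif api in MESSAGE_APIS and any(w in arg.lower() for w in SPAM_WORDS):
            labels.add("excessive-charge")
            evidence.append(f"#{index} {api} with listed word")
    return Verdict(labels or {"no-match"}, counts, evidence)


def permissions_falsified(reported, declared):
    """Static check: permissions that differ between the device's report and
    those declared by the analysed APK (an empty set means no mismatch)."""
    return set(reported) ^ set(declared)


# Constructed traces, as a virtual-machine run might record them.
LEAK_TRACE = [
    ("TelephonyManager.getDeviceId", ""),
    ("TelephonyManager.getSubscriberId", ""),
    ("HttpURLConnection.connect", "http://collector.example/upload"),
]
CHARGE_TRACE = [
    ("Intent.ACTION_CALL", "0605550100"),
    ("SmsManager.sendTextMessage", "You are a WINNER"),
    ("SmsManager.sendTextMessage", "Claim your prize"),
]
BENIGN_TRACE = [
    ("HttpURLConnection.connect", "https://weather.example/today"),
    ("TelephonyManager.getDeviceId", ""),  # read after the only network call
    ("SmsManager.sendTextMessage", "Running late, see you at six"),
]

if __name__ == "__main__":
    for name, trace in [("leak", LEAK_TRACE), ("charge", CHARGE_TRACE),
                        ("benign", BENIGN_TRACE)]:
        verdict = classify_trace(trace)
        print(name, sorted(verdict.labels), verdict.evidence)
```

The per-API counts in `call_counts` correspond to the "number of times it called the API" that the dynamic analysis checks, and the `evidence` lines keep the call order.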
The inspector consists of classification units and alert units. A classification unit is a
module that categorizes malicious files and processes based on analysis information. An
alert unit is a module that offers warnings to users according to the risk level.
This section explains the Detection and Protection Service Scenario used to detect
malicious acts and protect the mobile device. Table 2 shows the acronyms used in the Service
Scenario. Also, Fig. 4 shows a Service Scenario that detects malicious acts in a mobile
platform.
[Figure 4: sequence diagram. Participants: PAT, NM, MSM, MM, FM, UBI DB. Messages: Pat_data, Nm_data, Mm_data, Fm_data, Ubi_data, each answered with Ret_val (True|False); combined message Pat_data | Nm_data | Mm_data | Fm_data | Ubi_data.]
of analyzing data, the MSM shall determine the risk level and stop the system. Also, the
MSM provides an analysis report that would be sent to the cloud computing platform.
5 Performance Evaluation
This section compares performances between the intelligent security model of smart phone
(ISMSP) suggested in this paper and those from the previous research of Mu et al. [24],
Louk et al. [25], and Seo et al. [27] by examining their security considerations related to
confidentiality, integrity, and availability. The comparison analysis results are presented as
"supported", "partially supported", and "not supported" for confidentiality and
integrity, as is shown in Table 3. The results are also shown as "good", "middle",
and "weak" for availability in Table 3.
Mu [24] suggested a security method for responding to diverse mobile-related threats.
Although each security method is excellent as far as the relevant threat is concerned, it
lacks comprehensive security methods in cases of diverse combined threat attacks. As a
result, it has limitations in confidentiality because the security method does not consider
integrity and usability, and reliability on the detection of the threat or attack itself is also
limited. In Louk [25], an excellent detection method is described using database storage
from aspects of application operation detection and static code analysis. However, there is
a possibility of false warning as this method depends only on static analysis, and because it
only considers application operation, response to integrity and usability that guarantees
detection of threats and attacks is not sufficient. Seo et al. [27] compute risk levels
according to access conditions in case of suspicious malicious applications and detect
malicious code through static analysis. Although this type of method is superior for static
analysis of applications with high-risk levels, it has difficulties finding malicious code
within low-risk applications. To secure reliability, it is necessary to take into account the
insufficient logical grounds for malicious code decision making.
The system where the model suggested in this paper is applied investigates information
about the actual file monitoring, process monitoring, and network monitoring as well as
user content and the pattern and frequency of user behavior. Malicious code was detected
by conducting not only static, but also dynamic analyses. In addition to these detection
schemes, it is capable of distinguishing changing intelligent malicious code with its
inherent monitoring function for integrity guarantee.
6 Conclusion
As smart devices are developed following advancements in IT, various services and works
became possible using networks such as Wi-Fi and WiBro (wireless broadband), in
addition to the 3G network, without restrictions on time and space. Although these smart
devices spread rapidly because of the numerous convenient functions available, the risk of
diverse malicious code also increases as these devices become targets for malicious
attacks, which are becoming increasingly intelligent and transforming into diverse types,
including information leaks, illegal billing, and illegal use of information. The prevalence
and damage done by mobile crimes is ever increasing.
This paper suggests an intelligent security model of smart phone to provide security,
integrity, usability, and reliability of service environments. The suggested model detects
malicious actions using actual file monitoring, process monitoring, and network monitoring
information, as well as users' behavior-based data, including user contents, usage patterns,
and usage times. It also provides reliability to users by supplying them with a static and
dynamic analyzer of Android-based applications that can effectively respond to intelligent
malicious code by supporting malicious code analysis.
Future research will involve instant response to malicious code through comprehensive
pattern collection and analysis of smart phone users connected to cloud infrastructure.
For this, a reinforced security model able to prevent private information leaks and
a response model that prevents dissemination of malicious code will be studied within
cloud infrastructure that performs static and dynamic analyses.
Acknowledgments This work was supported by Institute for Information and Communications Technology
Promotion (IITP) Grant funded by the Korea government (MSIP) (No. B0101-15-1293, Cyber
targeted attack recognition and trace-back technology based-on long-term historic analysis of multi-source
data).
References
1. Jeong, Y.-S., Kim, H.-W., & Jang, H. J. (2013). Adaptive resource management scheme for monitoring of CPS. Journal of Supercomputing, 66(1), 57–69.
2. Gil, J.-M., Park, J. H., & Jeong, Y.-S. (2013). Data center selection based on neuro-fuzzy inference systems in cloud computing environments. Journal of Supercomputing, 66(3), 1194–1214.
3. Pattaranantakul, M., Sanguannam, K., Sangwongngam, P., & Vorakulpipat, C. (2015). Efficient key management protocol for secure RTMP video streaming toward trusted quantum network. ETRI Journal, 37(4), 696–706.
4. Degefa, F. B., & Won, D. (2013). Extended key management scheme for dynamic group in multi-cast communication. Journal of Convergence, 4(4), 7–13.
5. Malkawi, M. I. (2013). The art of software systems development: Reliability, availability, maintainability, performance (RAMP). Human-Centric Computing and Information Sciences, 3(22), 1–17.
6. Lee, S.-H., & Lee, I.-Y. (2013). A secure index management scheme for providing data sharing in cloud storage. Journal of Information Processing Systems, 9(2), 287–300.
7. Shrivastava, N., & Kumar, G. (2013). A survey on cost effective multi-cloud storage in cloud computing. International Journal of Advanced Research in Computer Engineering and Technology, 2(4), 1405–1409.
8. Truong, T.-T., Tran, M.-T., & Duong, A.-D. (2012). Improvement of the more efficient & secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. Journal of Convergence, 3(2), 25–36.
9. Dahane, A., Berrached, N.-E., & Loukil, A. (2015). A virtual laboratory to practice mobile wireless sensor networks: A case study on energy efficient and safe weighted clustering algorithm. Journal of Information Processing Systems, 11(2), 205–228.
10. Singh, R., Singh, P., & Duhan, M. (2014). An effective implementation of security based algorithmic approach in mobile adhoc networks. Human-Centric Computing and Information Sciences, 4(7), 1–14.
11. Kim, H.-W., Kim, J.-H., Park, J. H., & Jeong, Y.-S. (2014). Time pattern locking scheme for secure multimedia contents in human-centric device. The Scientific World Journal, 2014, 1–9.
12. Gaonkar, P. E., Bojewar, S., & Das, J. A. (2013). A survey: Data storage technologies. International Journal of Engineering Science and Innovative Technology, 2(2), 547–554.
13. Dong, B., Zheng, Q., Tian, F., Chao, K., Ma, R., & Anane, R. (2012). An optimized approach for storing and accessing small files on cloud storage. Journal of Network and Computer Applications, 35(6), 1847–1862.
14. Chattopadhyay, M., Dan, P. K., & Mazumdar, S. (2014). Comparison of visualization of optimal clustering using self-organizing map and growing hierarchical self-organizing map in cellular manufacturing system. Applied Soft Computing, 22, 528–543.
15. Mohammed, J. (2014). Evolution of the next generation of technologies: Mobile and ubiquitous computing. International Journal of Advanced Research in Science, Engineering and Technology, 1(5), 247–253.
16. Park, J. H., Kim, H.-W., & Jeong, Y.-S. (2014). Efficiency sustainability resource visual simulator for clustered desktop virtualization based on cloud infrastructure. Sustainability, 6, 8079–8091.
17. Kim, H.-W., Park, J. H., & Jeong, Y.-S. (2015). Human-centric storage resource mechanism for big data on cloud service architecture. Journal of Supercomputing. doi:10.1007/s11227-015-1390-3.
18. Duan, H., Yu, S., Mei, M., Zhan, W., & Li, L. (2015). CSTORE: A desktop-oriented distributed public cloud storage system. Computers and Electrical Engineering. doi:10.1016/j.compeleceng.2014.11.001.
19. Suarez-Tangil, G., & Conti, M. (2014). Detecting targeted smart phone malware with behavior-triggering stochastic models. In Proceedings of 19th European symposium on research in computer security, 7–11 (pp. 183–201). Wroclaw, Poland.
20. Raveendranath, R., Rajamani, V., & Datta, S. K. (2014). Android malware attacks and countermeasures: Current and future directions. In Proceedings of 2014 international conference on control, instrumentation, communication and computational technologies, 10–11 (pp. 137–143). IEEE, Kanyakumari.
21. Luo, T., Hao, H., Du, W., Wang, Y., & Yin, H. (2011). Attacks on WebView in the android system. In Proceedings of 27th annual computer security applications conference, 5–9 (pp. 343–352). Orlando, FL, USA.
22. Zhou, Y., & Jiang, X. (2012). Dissecting android malware: Characterization and evolution. In Proceedings of 2012 IEEE symposium on security and privacy, 20–23 (pp. 95–109). IEEE, San Francisco, CA.
23. Kim, H., Smith, J., & Shin, K. G. (2010). Detecting energy-greedy anomalies and mobile malware variants. In Proceedings of the international conference on mobile systems, applications, and services, 15–18 (pp. 239–252). ACM, Breckenridge, Colorado, USA.
24. Mu, J., Cui, A., & Rao, J. (2013). Android mobile security-threats and protection. In Proceedings of international conference on computer, networks and communication engineering (ICCNCE 2013), 23–24 (pp. 683–686). Atlantis Press, Beijing, China.
25. Louk, M., Lim, H., & Lee, H. (2014). An Analysis of security system for intrusion in smart phone environment. The Scientific World Journal, 2014 (pp. 1–12), Article ID 983901.
26. Mohd Foozy, C. F., Ahmad, R., & Abdollah, M. F. (2013). Phishing detection taxonomy for mobile device. International Journal of Computer Science Issues, 10(1), 338–344.
27. Seo, S.-H., Gupta, A., Sallam, A. M., Bertino, E., & Yim, K. (2014). Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38, 43–53.