Building The First Android IDS On Network Level

Presented at DeepSec 2013 "Secrets, Failures, and Visions"

Being popular is not always a good thing, and here's why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Several behavior-based malware analysis and detection techniques for mobile threats have already been proposed for mobile devices. We'll show how we built a new detection framework that will be the first open source Android IDS on the network level. This open source network-based intrusion detection system (IDS) and intrusion prevention system (IPS) can perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks, featuring protocol analysis, content searching and content matching. In IDS/IPS mode, the program monitors network traffic, analyzes it against a rule set defined by the user, and then performs a specific action based on what has been identified. With the help of custom-built signatures, the framework can also be used to detect probes or attacks designed for mobile devices, fool and cheat operating system fingerprinting attempts (like nmap or p0f), detect server message block (SMB) probes, etc.

Presenters:

  • Jaime Sánchez
    Jaime is a security researcher specialized in network protocols and technologies, with over ten years of experience in positions of consulting, risk management, secure network architectures and ethical hacking. He works in the Security Operations Center (SOC) of a multinational telecommunications company, offering managed security services for IBEX35 companies. He is a frequent speaker and has given talks at conferences like Rootedcon, Nuit Du Hack, Blackhat Arsenal, Defcon and DerbyCon. He holds several security certifications, like CISA and CISM, and an Executive MBA. Jaime is also a frequent contributor to several technical magazines in Spain, covering state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques.
