Abstract
Security is an important factor in today's IT infrastructure due to the complex and vast variety of malware threats. One way to tackle this malware is via signature-based techniques. However, this requires human effort in the identification of threats and is not scalable. The second way is to detect so-called '0-day' malware via a behavior-based reference monitor. In this paper, we have optimized a behavior-based technique for a specific use case, based on today's enterprise requirements. We have built a lightweight behavior-based reference monitor to measure and report complete system call sequences as well as their arguments. The measurements are stored in a Trusted Platform Module (TPM) protected location. The reference monitor splits the sequences of system calls and their arguments. Arguments and their verification are performed independently of each other via machine learning techniques. The behavior monitor is designed and developed on the core Linux Security Module (LSM). The same monitor is also designed and developed for the Android-based platform via a newly built architecture called Android Security Module (ASM).
Cite
Ali, T., Zuhairi, M. F. A., Ali, J., Musa, S., & Nauman, M. (2017). A complete behavioral measurement and reporting: Optimized for mobile devices. In COMPSE 2016 - 1st EAI International Conference on Computer Science and Engineering. EAI. https://doi.org/10.4108/eai.27-2-2017.152252