DAGGER : Distributed Architecture for Granular Mitigation of Mobile Based Attacks -

Abstract

Over the past years, the world has witnessed sharp advancements in the field of mobile phones. What used to be known as a limited-feature mobile device for basic tasks has evolved into becoming a pocket size computer with enhanced features and computing power known as a smartphone. These devices pack various new capabilities such as access to cellular networks with various standards, access to the Internet, multi-tasking, and support of rich APIs for application development. The popularity of smartphones has been increasing as well, where global shipments reached over one billion units in 2014. This growth has been reflected on the telecom operators' networks usage. Smartphones that represented 18percent of the total global handsets in 2012 generated 92 percent of the total global handset traffic. However, this advancement comes with a dark side where smartphones became the main playground for malware developers, with Android operating system being the most vulnerable platform (target of 99percent of mobile malware). Several of the collected malicious applications demonstrated advanced capabilities such as data theft, root exploitation, and bot-net related operations. In fact, the interoperability of smartphones has brought Internet security issues to the cellular networks, forcing operators to consider developing detection and mitigation solutions in order to protect their resources and infrastructure. In this thesis, we present DAGGER, a distributed architecture for collaborating mobile hosts and telecom operators for the granular mitigation of mobile-based attacks. Several security solutions are available in the market for telecom operators to detect anomalies. DAGGER extends those solutions and enables the operators to not only detect the subscriber(s) that generated anomalies, but also to identify the malicious applications behind those abnormalities, allowing the operators to terminate the malwares themselves rather than shutdown the network connection for the mobile subscriber(s). We defined the host-based component and th