
Building an Android IDS on Network Level

Formal Metadata

Title: Building an Android IDS on Network Level
Number of Parts: 112
Author: Jaime Sanchez
License: CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date: 2013
Language: English

Content Metadata

Abstract
Being popular is not always a good thing, and here's why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise as attackers experiment with new business models by targeting mobile phones. Several behavior-based malware analysis and detection techniques have already been proposed for mobile devices. We'll show how we built a new detection framework, the first open source Android IDS at the network level. This open source network-based intrusion detection and prevention system performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, featuring protocol analysis, content searching and content matching. In IDS/IPS mode, the program monitors network traffic, analyzes it against a rule set defined by the user, and then performs a specific action based on what has been identified. With custom-built signatures, the framework can also detect probes or attacks aimed at mobile devices, such as Server Message Block (SMB) probes, and fool operating system fingerprinting attempts by tools like nmap or p0f.

Jaime Sanchez (@segofensiva) is passionate about computer security. He has worked for over 13 years as a specialist advisor for large national and international companies, focusing on consulting, auditing, training and ethical hacking techniques. He works in the Security Operations Center (SOC) of a multinational telecommunications company that offers managed security services to IBEX 35 companies. He holds a Computer Engineering degree and an Executive MBA (Master in Business Administration), as well as several certifications, including CISA, CISM, CISSP, CCNA, CCNA Security and ITIL. In his free time he conducts security research and works as an independent consultant.

He has spoken at renowned security conferences nationally and internationally, presenting new bugs, exploitation techniques and mitigations, including RootedCON in Spain and Nuit du Hack in Paris. In the coming months he will be presenting at Black Hat Arsenal USA 2013, DEF CON XXI, DerbyCon and Hacktivity. Jaime is a frequent contributor to several technical magazines covering state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques. He also writes the blog "Seguridad Ofensiva" (http://www.seguridadofensiva.com/), covering current topics in hacking and security.
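As an added illustration of the rule-driven inspection the abstract describes (decode the protocol, match content against a user-defined rule set, act on the match, and normalise outgoing packets so OS fingerprinting tools see a different stack), here is a minimal engine in Python. It is example code written for this page, not the talk's framework, and its rule and packet layouts, the "sample-c2-beacon" signature, the addresses and the sample packets are all constructed for the demonstration. The only external facts it relies on are the IPv4 and TCP header layouts, the RFC 1071 header checksum, the SMB1 0xFF 'S' 'M' 'B' message magic, and that p0f and nmap use the initial TTL (64 on Linux/Android, 128 on Windows) as one of their fingerprinting signals.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    action: str                      # "alert" (log, pass) or "drop" (IPS mode)
    proto: str                       # "tcp", "udp" or "ip" (any transport)
    dst_port: Optional[int] = None   # None matches any port
    content: Optional[bytes] = None  # None skips payload matching


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]
    ttl: int
    payload: bytes


def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(raw: bytes) -> Packet:
    """Protocol analysis: decode the IPv4 header and the TCP/UDP header behind it."""
    ihl = (raw[0] & 0x0F) * 4
    ttl, proto_num = raw[8], raw[9]
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    body = raw[ihl:]
    if proto_num == 6:                       # TCP: data offset lives in byte 12
        sport, dport = struct.unpack("!HH", body[:4])
        return Packet("tcp", src, dst, sport, dport, ttl, body[(body[12] >> 4) * 4:])
    if proto_num == 17:                      # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", body[:4])
        return Packet("udp", src, dst, sport, dport, ttl, body[8:])
    return Packet("ip", src, dst, None, None, ttl, body)


def match(rule: Rule, pkt: Packet) -> bool:
    """Content matching: every field set on the rule must agree with the packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and pkt.dport != rule.dst_port:
        return False
    return rule.content is None or rule.content in pkt.payload


def inspect(raw: bytes, rules: List[Rule]) -> Tuple[str, List[str]]:
    """Return (verdict, names of rules that fired); a single 'drop' rule wins."""
    pkt = parse_ipv4(raw)
    fired = [r for r in rules if match(r, pkt)]
    verdict = "drop" if any(r.action == "drop" for r in fired) else "pass"
    return verdict, [r.name for r in fired]


def rewrite_ttl(raw: bytes, new_ttl: int) -> bytes:
    """Egress normalisation: change the TTL fingerprinting tools key on and fix the checksum."""
    ihl = (raw[0] & 0x0F) * 4
    hdr = bytearray(raw[:ihl])
    hdr[8] = new_ttl
    hdr[10:12] = b"\x00\x00"                 # checksum field is zero while computing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + raw[ihl:]


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes, ttl: int = 64) -> bytes:
    """Construct a sample packet: 20-byte IPv4 header + 20-byte TCP header (PSH|ACK)."""
    ip_bytes = lambda a: bytes(int(o) for o in a.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                      ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + tcp


RULES = [
    # SMB1 messages start with the 0xFF 'S' 'M' 'B' magic: flag probes aimed at the device.
    Rule("smb-probe", "alert", "tcp", dst_port=445, content=b"\xffSMB"),
    # Constructed signature for the example, not a real malware family.
    Rule("sample-c2-beacon", "drop", "tcp", dst_port=8080, content=b"GET /beacon?id="),
]

# Constructed sample traffic (documentation address ranges).
SMB_PROBE = build_ipv4_tcp("192.0.2.9", "192.0.2.5", 49152, 445, b"\x00\x00\x00\x2f\xffSMBr\x00")
BEACON = build_ipv4_tcp("192.0.2.5", "203.0.113.7", 40000, 8080, b"GET /beacon?id=1 HTTP/1.1\r\n")
BENIGN = build_ipv4_tcp("192.0.2.5", "198.51.100.20", 40001, 80, b"GET / HTTP/1.1\r\n")

if __name__ == "__main__":
    for label, raw in (("smb", SMB_PROBE), ("beacon", BEACON), ("benign", BENIGN)):
        print(label, inspect(raw, RULES))
    spoofed = rewrite_ttl(BENIGN, 128)       # 128 = Windows-like initial TTL instead of Linux/Android 64
    print("ttl", parse_ipv4(spoofed).ttl, "checksum valid:", ip_checksum(spoofed[:20]) == 0)
```

Run it directly to see the verdicts for the three sample packets. Rewriting only the TTL is deliberately partial: p0f also keys on the TCP window size, MSS, option order and the DF bit, so a real evasion layer would have to rewrite those too and recompute the TCP checksum over the pseudo-header, and it would have to do so on live traffic (a netfilter queue or a VPN-style packet hook on the device) rather than on a list of byte strings.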