CiantiMF – An Android OS Security Framework For Protection Against Tor Botnet Malware
The number of individuals using online payment systems via mobile devices is increasing steadily, which attracts hackers who use sophisticated malware to increase the impact of their attacks. By far, Android is the most popular mobile OS in the world; accordingly, the security of Android devices is increasingly becoming a hot topic.
The Security Model of the Android OS:
One of the main features that set the Android OS apart from other OSs is its use of user identifiers (UIDs), which adds security capabilities that the security models of conventional OSs lack. Android applications are executed as separate processes with different UIDs, and each process has its own distinct set of permissions. As such, no application can read or write another application's code or data; if an application has to exchange data with another, a specific permission for this must be granted.
The Android OS applies a mandatory access control (MAC) model to all processes, including those executed with root/administrator privileges. This model is based on a security labeling system that uses two attributes:
- Subjects: applications and users
- Objects: the categories that hold information related to different processes
Specific security clearances are linked to applications and to their data. The Android OS combines these security clearances, the classification labels of the data and the system's security policies to determine which subject is allowed to access a given object.
Classification labels are assigned to each object type (network, device, directory and file). In line with the security policies, the system checks a subject's (user's or application's) security clearances by comparing them with the object's classification labels. Whenever the security policies are not met, access is denied. The system classifies subjects and objects automatically, with no intervention by users, who in theory cannot modify these levels.
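As an added illustration (not from the paper summarized here or from the Android source tree), the following Python model shows the two checks sketched above: a per-app UID check and a label-based MAC check that applies even to a root process. The labels, paths, UIDs and policy rules are constructed assumptions, not real Android policy.

```python
from dataclasses import dataclass

# Constructed, simplified model of the two layers described above: a per-app
# UID check (discretionary) followed by a label-based MAC check that applies to
# every subject, root included. Labels and rules are illustrative, not sepolicy.

@dataclass(frozen=True)
class Subject:
    name: str
    uid: int      # each Android app runs under its own UID
    label: str    # security clearance label assigned by the system

@dataclass(frozen=True)
class Obj:
    path: str
    owner_uid: int
    world_readable: bool
    label: str    # classification label of the object

# Which (subject label, object label) pairs may perform which operations.
# Anything not listed is denied by default.
MAC_POLICY = {
    ("untrusted_app", "app_data_file"): {"read", "write"},
    ("untrusted_app", "system_file"): {"read"},
    ("su", "system_file"): {"read", "write"},
}

def dac_allows(s: Subject, o: Obj, op: str) -> bool:
    """UID layer: root and the owner get everything, others only world-readable reads."""
    if s.uid == 0 or s.uid == o.owner_uid:
        return True
    return op == "read" and o.world_readable

def mac_allows(s: Subject, o: Obj, op: str) -> bool:
    """Label layer: the subject's clearance must be paired with the object's label."""
    return op in MAC_POLICY.get((s.label, o.label), set())

def check_access(s: Subject, o: Obj, op: str) -> bool:
    """Both layers must agree; neither the user nor the app can relabel anything."""
    return dac_allows(s, o, op) and mac_allows(s, o, op)

# Constructed sample subjects and objects (hypothetical package names and paths).
APP_A = Subject("com.example.a", 10001, "untrusted_app")
APP_B = Subject("com.example.b", 10002, "untrusted_app")
ROOT = Subject("root-shell", 0, "su")
B_DATA = Obj("/data/data/com.example.b/secrets.db", 10002, False, "app_data_file")
BUILD_PROP = Obj("/system/build.prop", 0, True, "system_file")
```

Note that the root subject passes the UID check on the other app's data file but is still denied by the MAC layer, which is the point the text makes about MAC covering privileged processes.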
An innovative anti-malware security system for Android:
Android rootkits are the most sophisticated malware technique and make the detection of an infection and the analysis of malicious code extremely complicated. Such malware spreads through chaotic Tor botnets that use the anonymity offered by the Tor network to communicate with their C&C servers. Additionally, Tor network traffic is designed to emulate HTTPS traffic, which makes it very hard for traffic analysis systems to identify Tor traffic. Since conventional Android security frameworks operate in a passive mode and are usually unable to detect such major threats, developing and using alternative, more efficient security frameworks has become a necessity.
A group of researchers recently published a paper proposing an innovative computational intelligence system that they named “CiantiMF”. The proposed system requires minimal computational resources to operate, yet it greatly increases the security of the Android OS.
The architecture of CiantiMF relies on the hybrid use of two ART JVM (Android) extensions: SAME and OTTIE. The SAME extension uses a neural network, optimized with the BBO algorithm, that can recognize whether the Java classes of an Android application are malicious. The OTTIE extension uses the OSELIM algorithm to detect malware, identify Tor traffic and block botnets.
CiantiMF is a security system inspired by artificial intelligence. Unlike previous approaches, which rely on individual passive security techniques, CiantiMF is an integrated system that relies on active security techniques. It uses intelligent surveillance processes to detect and categorize malware; it can shield itself and protect Android devices against rootkit malware; it identifies and blocks various forms of encrypted Tor activity; and it can exploit the potential of various hardware using minimal computational resources.
The uniqueness of CiantiMF lies in the design of its innovative hybrid computational intelligence framework, which for the first time integrates two highly efficient and extremely fast biologically inspired machine learning algorithms to form an efficient, multifaceted IT security solution. Another novelty is adding a hybrid machine learning system as an ART JVM extension within the Android OS. This approach adds intelligence at the compiler level, which greatly strengthens the system's defense mechanisms, in addition to controlling an application's dependencies from the outset.