BRADFORD SCHOLARS


    An autonomous host-based intrusion detection and prevention system for Android mobile devices. Design and implementation of an autonomous host-based Intrusion Detection and Prevention System (IDPS), incorporating Machine Learning and statistical algorithms, for Android mobile devices

    Publication date
    2019
    Author
    Ribeiro, José C.V.G.
    Supervisor
    Abd-Alhameed, Raed A.
    Shepherd, Simon J.
    Mantas, G.
    Keyword
    Security
    Intrusion detection
    Android
    5G
    Prevention
    Host-based
    Malware detection
    Host-based IDS
    Statistical anomaly detection
    Machine learning
    HIDROID (Host-based Intrusion Detection and protection system for andROID)
    Rights
    Creative Commons License
    The University of Bradford theses are licenced under a Creative Commons Licence.
    Institution
    University of Bradford
    Department
    School of Engineering, Design and Technology
    Awarded
    2019
    
    Abstract
    This research work presents the design and implementation of a host-based Intrusion Detection and Prevention System (IDPS) called HIDROID (Host-based Intrusion Detection and protection system for andROID) for Android smartphones. It runs completely on the mobile device, with a minimal computation burden. It collects data in real-time, periodically sampling features that reflect the overall utilisation of scarce resources of a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The Detection Engine of HIDROID adopts an anomaly-based approach by exploiting statistical and machine learning algorithms. That is, it builds a data-driven model for benign behaviour and looks for the outliers considered as suspicious activities. Any observation failing to match this model triggers an alert and the preventive agent takes proper countermeasure(s) to minimise the risk. The key novel characteristic of the Detection Engine of HIDROID is the fact that it requires no malicious data for training or tuning. In fact, the Detection Engine implements the following two anomaly detection algorithms: a variation of K-Means algorithm with only one cluster and the univariate Gaussian algorithm. Experimental test results on a real device show that HIDROID is well able to learn and discriminate normal from anomalous behaviour, demonstrating a very promising detection accuracy of up to 0.91, while maintaining false positive rate below 0.03. Finally, it is noteworthy to mention that to the best of our knowledge, publicly available datasets representing benign and abnormal behaviour of Android smartphones do not exist. Thus, in the context of this research work, two new datasets were generated in order to evaluate HIDROID.
    URI
    http://hdl.handle.net/10454/18742
    Type
    Thesis
    Qualification name
    PhD
    Collections
    Theses


    Related items

    Showing items related by title, author, creator and subject.

    • Current Based Fault Detection and Diagnosis of Induction Motors. Adaptive Mixed-Residual Approach for Fault Detection and Diagnosis of Rotor, Stator, Bearing and Air-Gap Faults in Induction Motors Using a Fuzzy Logic Classifier with Voltage and Current Measurement only.

      Ebrahimi, Kambiz M.; Wood, Alastair S.; Pestell, Charles; Bradley, William J. (University of Bradford, School of Engineering, Design and Technology, 2015-06-16)
      Induction motors (IM) find widespread use in modern industry and for this reason they have been subject to a significant amount of research interest in recent times. One particular aspect of this research is the fault detection and diagnosis (FDD) of induction motors for use in a condition based maintenance (CBM) strategy; by effectively tracking the condition of the motor, maintenance action need only be carried out when necessary. This type of maintenance strategy minimises maintenance costs and unplanned downtime. The benefits of an effective FDD for IM are clear and there have been numerous studies in this area but few which consider the problem in a practical sense with the aim of developing a single system that can be used to monitor motor condition under a range of different conditions, with different motor specifications and loads. This thesis aims to address some of these problems by developing a general FDD system for induction motors. The solution of this problem involved the development and testing of a new approach; the adaptive mixed-residual approach (AMRA). The main aim of the AMRA system is to avoid the vast majority of unplanned failures of the machine and therefore as opposed to tackling a single induction motor fault, the system is developed to detect all four of the most statistically prevalent induction motor fault types; rotor fault, stator fault, air-gap fault and bearing fault. The mixed-residual fault detection algorithm is used to detect these fault types which includes a combination of spectral and model-based techniques coupled with particle swarm optimisation (PSO) for automatic identification of motor parameters. The AMRA residuals are analysed by a fuzzy-logic classifier and the system requires only current and voltage inputs to operate. Validation results indicate that the system performs well under a range of load torques and different coupling methods proving it to have significant potential for use in industrial applications.
    • A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis.

      Cullen, Andrea J.; Woodward, Mike E.; Mohd Saudi, Madihah (University of Bradford, Department of Computing, School of Computing, Informatics and Media, 2012-04-17)
      Worms have been improved and a range of sophisticated techniques have been integrated, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worm attacks in order to respond to worms more efficiently. The novelty and the strengths of the STAKCERT model lie in the method implemented which consists of STAKCERT KDD processes and the development of STAKCERT worm classification, STAKCERT relational model and STAKCERT worm apoptosis algorithm. The new concept introduced in this model, which is named apoptosis, is borrowed from the human immunology system and has been mapped in terms of a security perspective. Furthermore, the encouraging results achieved by this research are validated by applying the security metrics for assigning the weight and severity values to trigger the apoptosis. In order to optimise the performance result, the standard operating procedures (SOP) for worm incident response which involve static and dynamic analyses, the knowledge discovery techniques (KDD) in modeling the STAKCERT model and the data mining algorithms were used. This STAKCERT model has produced encouraging results and outperformed comparative existing work for worm detection. It produces an overall accuracy rate of 98.75% with a 0.2% false positive rate and a 1.45% false negative rate. Worm response has resulted in an accuracy rate of 98.08% which later can be used by other researchers as a comparison with their works in future.
    • Automated dust storm detection using satellite images. Development of a computer system for the detection of dust storms from MODIS satellite images and the creation of a new dust storm database.

      Ipson, Stanley S.; Qahwaji, Rami S.R.; El-Ossta, Esam E.A. (University of Bradford, Digital Imaging, School of Computing, Informatics and Media, 2013-12-09)
      Dust storms are one of the natural hazards, which have increased in frequency in recent years over the Sahara Desert, Australia, the Arabian Desert, Turkmenistan and northern China, which have worsened during the last decade. Dust storms increase air pollution, impact on urban areas and farms as well as affecting ground and air traffic. They cause damage to human health, reduce the temperature, cause damage to communication facilities, reduce visibility which delays both road and air traffic and impact on both urban and rural areas. Thus, it is important to know the causation, movement and radiation effects of dust storms. The monitoring and forecasting of dust storms is increasing in order to help governments reduce the negative impact of these storms. Satellite remote sensing is the most common method but its use over sandy ground is still limited as the two share similar characteristics. However, satellite remote sensing using true-colour images or estimates of aerosol optical thickness (AOT) and algorithms such as the deep blue algorithm have limitations for identifying dust storms. Many researchers have studied the detection of dust storms during daytime in a number of different regions of the world including China, Australia, America, and North Africa using a variety of satellite data but fewer studies have focused on detecting dust storms at night. The key elements of this present study are to use data from the Moderate Resolution Imaging Spectroradiometers on the Terra and Aqua satellites to develop a more effective automated method for detecting dust storms during both day and night and generate a MODIS dust storm database.