A Cloud-based Intrusion Detection and Response System for Mobile Phones

Aim:
The main aim of this project is to avoid the attacks for smart phones by using cloud environment to detect intrusion and provide response system for mobile phones.

Synopsis:
As smart mobile phones, so called smart phones are getting more complex and more powerful to efficiently provide more functionality concerns are increasing regarding security threats against the smart phone users. Since smart phones use the same software architecture as in PCs, they are vulnerable to similar classes of security risks such as viruses, Trojans, and worms. In this paper, we propose a cloud based smart phonespecific intrusion detection and response engine, which continuously performs an indepth forensics analysis on the smart phone to detect any misbehaviour. In case misbehaviour is detected, the proposed engine decides upon and takes optimal response actions to thwart the ongoing attacks. Despite the computational and storage resource limitations in smart phone devices, the engine can perform a complete and in-depth analysis on the smart phone, since all the investigations are carried out on an emulated device in a cloud environment.

Existing System:
In the past, intrusion process had to be installed in smart phone end users. As another issue, none of the past proposed techniques provide automated response and recovery for the detected security threats. This is essential in order to quickly terminate the attack and restore the phone back to its normal operational mode.

Proposed System:
To address the critical challenge of keeping smart phone secure, cloud-based intrusion detection has been proposed. A synchronized cloud-based intrusion detection and response framework for smart phone devices is proposed.

Modules: Cloud Architecture Design Client registration & proxy process Intrusion detection

Cloud Architecture Design

Cloud computing has computational and sociological implications. In computational terms cloud computing is described as a subset of grid computing concerned with the use of special shared computing resources. For this reason it is described as a hybrid model exploiting computer networks resources, chiefly Internet, enhancing the features of the client/server scheme. From a sociological standpoint on the other hand, by delocalizing hardware and software resources cloud computing changes the way the user works as he/she has to interact with the "clouds" on-line, instead of in the traditional stand-alone mode.

Client registration & proxy process

A smart phone to be protected by the framework should be registered by its owner to the frameworks online registration system. To register, the client should first specify his or her device, it operating system and the application list, so that the frameworks can instantiate an identical image of the smart phone in cloud. A proxy server is responsible for duplicating the communication between the smart phone and the Internet and forwarding it to the intrusion detection environment in cloud where the detection and forensics analyses are performed.

Intrusion detection
In case misbehaviour is detected, our intrusion response engine in the emulation environment solves a resource intensive game-theoretic optimization, and sends the selected optimal response action to the agent running on the smart phone device. The agent, then, can take the required actions and recover the smart phone back to its normal secure operational mode.

Software Requirements:
Windows 7 Xampp Eye-Os 2.5 JDK 1.6 Spring 2.5 MySql 3.2 Android 2.2 and above JavaFx 1.3.1

Hardware Requirements:
Hard Disk RAM Processor : : : 80GB and Above 2GB and Above Core i3 and above

Architecture Diagram: