1. Field
This disclosure is generally related to network security. More specifically, this disclosure is related to a method and system for intrusion detection at a centralized server.
2. Related Art
Malware is malicious software that is designed to infiltrate or damage a computing device without an owner's informed consent. Malware can include computer viruses, worms, Trojan horses, rootkits, spyware, adware, and so on. Malware has become a common way to commit online fraud. An intrusion detection system is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, or disabling of computer systems through a network.
Signature detection is a technique often used in intrusion detection systems. In the signature detection process, network or system information is scanned against a known attack or malware signature database. If a match is found, an alert takes place for further actions. This technique requires the signatures to be constantly updated in order to mitigate emerging threats. Moreover, malware programmers increasingly utilize code obfuscation techniques to cloak their malware. For example, malware programmers can use polymorphic algorithms to mutate their codes, thus making it difficult for intrusion detection systems to detect the malicious codes.
Another commonly used technique in intrusion detection systems is anomalous behavior detection. In the anomalous behavior detection process, the intrusion detection systems generate a statistical baseline of the traffic on a network, and flag any traffic that does not fit the statistical norm behavior. However, the anomalous behavior detection is both costly and prone to errors.
In addition, with the explosive adoption rates of smart phones and other types of mobile devices, mobile malware infection is expected to escalate in the near future. Because mobile devices have inherent limitations, such as power, memory, and bandwidth, current intrusion detection systems are not well-suited to protect mobile devices against malware attacks.