DeepSec 2020 U21 Talk: Protecting Mobile Devices from Malware Attacks with a Python IDS – Kamila Babayeva, Sebastian Garcia
[Editorial note: We are proud to publish the articles about the U21 presentation slot for young researchers. The U21 track is a tradition of DeepSec. We aim to support (young) talents and give them a place on the stage to present their ideas and to gain experience.]
Technology poses a risk of cyber attacks to all of us, but mobile devices are more at risk because there are no good detection applications for phones, and because they are the target of many novel attacks. We still don’t have a good idea of what our phones are doing in the network. To be better protected, mobile devices need better detection solutions from our community.
In this talk I will present the development of Slips, a Python-based, free software IDS using machine learning to detect attacks in the network traffic of devices. For the last year I have been developing the core parts of Slips and a new command line graphical interface in Node.js. This talk will show how to use Slips for performing traffic analysis, behavioural study and detection of real malware executed on mobile devices. During this research, I executed several remote access trojan (RAT) applications for Android. I plan to show how to detect them using Slips. Slips offers our community an open solution that we are working to improve with the latest technology.
Kamila Babayeva is a second-year bachelor student of the Computer Science and Electrical Engineering program at the Czech Technical University in Prague. She is a researcher at the Civilsphere project, a project dedicated to protecting civil organizations and individuals from targeted attacks.
Her research focuses on helping people and protecting their digital rights by developing free software based on machine learning. Initially, she worked as a junior Malware Reverser. Currently, at the Civilsphere lab, Kamila leads the development of the Stratosphere Linux Intrusion Prevention System (Slips), which is used to protect the civil society. Kamila has given a series of presentations about the Slips and Kalipso architecture at conferences such as OWASP CZ Chapter and OpenAlt.
Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect the civil society. He likes to analyze network patterns and attacks with machine learning.
As a researcher of the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments.
He was lucky enough to talk at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.