Monitoring Smartphones for Anomaly Detection


In this paper we demonstrate how to monitor a smartphone running Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device still is not feasible due to capability and hardware limitations. We give examples on how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malwares are shown. For improving monitoring client performance, Principal Component Analysis was applied which lead to a decrease of about 80% of the amount of monitored features.

 author = {Aubrey-Derrick Schmidt and Frank Peters and Florian Lamour and Christian Scheel and Seyit Ahmet Camtepe and Sahin Albayrak},
 title = {Monitoring Smartphones for Anomaly Detection},
 journal = {Mobile Networks and Applications (MONET) -- SPECIAL ISSUE on Mobility of Systems, Users, Data and Computing},
 month = {November},
 publisher = {Springer Netherlands},
 year = {2008}
Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, Christian Scheel, Seyit Ahmet Camtepe, Sahin Albayrak
Mobile Networks and Applications