Monitoring Smartphones for Anomaly Detection


In this paper we demonstrate how to monitor a smartphone running Symbian OS in order to extract features that describe the state of the device and can be used for anomaly detection. These features are sent to a remote server, because running a complex intrusion detection system (IDS) on this kind of mobile device still is not feasible, due to capability and hardware limitations. We give examples on how to compute some of the features and introduce the top ten applications used by mobile phone users basing on a study in 2005. The usage of these applications is recorded and visualized and for a first comparison, data results of the monitoring of a simple malware are given.

 author = {Aubrey-Derrick Schmidt and Frank Peters and Florian Lamour and Sahin Albayrak},
 title = {Monitoring Smartphones for Anomaly Detection},
 booktitle = {MOBILWARE '08: Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications},
 year = {2007},
 isbn = {978-1-59593-984-5},
 pages = {1--6},
 location = {Innsbruck, Austria},
 publisher = {ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)},
 address = {ICST, Brussels, Belgium, Belgium},
Aubrey-Derrick Schmidt, Frank Peters, Florian Lamour, Sahin Albayrak
Conference Paper
Mobilware 2008, Innsbruck, Österreich