Monitoring smartphones for anomaly detection

Schmidt, Aubrey-Derrick, Peters, Frank, Lamour, Florian, Scheel, Christian, Camtepe, Seyit A., & Albayrak, Sahin (2009) Monitoring smartphones for anomaly detection. Mobile Networks and Applications, 14(1), pp. 92-106.


In this paper we demonstrate how to monitor a smartphone running the Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device is still not feasible due to capability and hardware limitations. We give examples of how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malware are shown. To improve monitoring client performance, Principal Component Analysis was applied, which led to a decrease of about 80% in the number of monitored features.

Impact and interest:

42 citations in Scopus
25 citations in Web of Science®

ID Code: 57359
Item Type: Journal Article
Refereed: Yes
Keywords: Anomaly detection, Monitoring, Smartphones
DOI: 10.1007/s11036-008-0113-x
ISSN: 1572-8153
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Operating Systems (080307)
Australian and New Zealand Standard Research Classification > TECHNOLOGY (100000) > COMMUNICATIONS TECHNOLOGIES (100500) > Computer Communications Networks (100503)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2009 Kluwer Academic Publishers
Deposited On: 19 Feb 2013 01:07
Last Modified: 12 Jun 2013 15:32
