Abstract
The widespread use and general-purpose computing capabilities of next-generation smartphones make them the next big targets of malicious software (malware) and security attacks. Given the battery, computing power, and bandwidth limitations inherent to such mobile devices, detecting malware on them is a research challenge that requires a different approach from those used for desktop/laptop computing. We present a novel probabilistic diffusion scheme, based on device usage patterns, for detecting anomalies that possibly indicate malware. The relationship between samples of normal behavior and their features is modeled through a bipartite graph, which constitutes the basis for the stochastic diffusion process. Subsequently, we establish an indirect similarity measure among sample points. The diffusion kernel derived over the feature space, together with the Kullback-Leibler divergence over the sample space, provides an anomaly detection algorithm. We demonstrate its applicability in two settings using real-world mobile phone data. Initial experiments indicate that the diffusion algorithm outperforms others even under limited training data availability.
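The pipeline the abstract outlines (sample-feature bipartite graph, random-walk kernel over features, Kullback-Leibler score over training samples) can be sketched as follows. This is an added example, not the authors' algorithm or code: the feature names, the training counts, the single diffusion step and the in-sample maximum used as threshold are all assumptions made for illustration.

```python
import math

# Constructed training data: rows are usage windows of normal behaviour,
# columns are counts of [calls, sms, net_connections] (hypothetical features).
TRAIN = [[8, 2, 0], [6, 2, 2], [8, 0, 2], [6, 4, 0]]

def normalize(v):
    total = sum(v)  # assumes at least one non-zero count in v
    return [x / total for x in v]

def matmul_vec(p, M):
    # Row vector p times matrix M.
    return [sum(p[i] * M[i][j] for i in range(len(p))) for j in range(len(M[0]))]

def build_walk(train):
    # Bipartite graph: edge weight = count of feature j in sample i.
    p_sf = [normalize(row) for row in train]        # sample -> feature step
    p_fs = [normalize(col) for col in zip(*train)]  # feature -> sample step
    # Feature-space kernel: one feature -> sample -> feature round trip.
    kernel = [matmul_vec(row, p_sf) for row in p_fs]
    return p_fs, kernel

def embed(counts, p_fs, kernel, steps=1):
    # Diffuse the window's feature distribution, then land on training samples.
    q = normalize(counts)
    for _ in range(steps):
        q = matmul_vec(q, kernel)
    return matmul_vec(q, p_fs)

def kl(a, b, eps=1e-12):
    # Kullback-Leibler divergence KL(a || b); zero-mass terms of a contribute 0.
    return sum(x * math.log(x / max(y, eps)) for x, y in zip(a, b) if x > 0)

def fit(train, steps=1):
    p_fs, kernel = build_walk(train)
    embedded = [embed(r, p_fs, kernel, steps) for r in train]
    ref = [sum(c) / len(embedded) for c in zip(*embedded)]  # normal profile
    threshold = max(kl(e, ref) for e in embedded)  # assumption: in-sample max
    return {"p_fs": p_fs, "kernel": kernel, "ref": ref,
            "threshold": threshold, "steps": steps}

def score(model, counts):
    e = embed(counts, model["p_fs"], model["kernel"], model["steps"])
    return kl(e, model["ref"])

MODEL = fit(TRAIN)
if __name__ == "__main__":
    for window in ([7, 3, 0], [0, 1, 9]):  # constructed: typical vs net-heavy
        s = score(MODEL, window)
        print(window, round(s, 5), "ANOMALY" if s > MODEL["threshold"] else "ok")
```

Because the kernel is a stochastic matrix, every extra diffusion step pulls all windows toward the same stationary profile, so a larger `steps` value trades robustness to sparse counts against separation between normal and anomalous scores.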
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Alpcan, T., Bauckhage, C., Schmidt, AD. (2010). A Probabilistic Diffusion Scheme for Anomaly Detection on Smartphones. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds) Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. WISTP 2010. Lecture Notes in Computer Science, vol 6033. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12368-9_3
DOI: https://doi.org/10.1007/978-3-642-12368-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12367-2
Online ISBN: 978-3-642-12368-9
eBook Packages: Computer Science, Computer Science (R0)