A Probabilistic Diffusion Scheme for Anomaly Detection on Smartphones

The widespread use and general-purpose computing capabilities of next-generation smartphones make them the next big targets of malicious software (malware) and security attacks. Given the battery, computing power, and bandwidth limitations inherent to such mobile devices, detection of malware on them is a research challenge that requires a different approach than the ones used for desktop/laptop computing. We present a novel probabilistic diffusion scheme, based on device usage patterns, for detecting anomalies that possibly indicate malware. The relationship between samples of normal behavior and their features is modeled through a bipartite graph, which constitutes the basis for the stochastic diffusion process. Subsequently, we establish an indirect similarity measure among sample points. The diffusion kernel derived over the feature space, together with the Kullback-Leibler divergence over the sample space, provides an anomaly detection algorithm. We demonstrate its applicability in two settings using real-world mobile phone data. Initial experiments indicate that the diffusion algorithm outperforms others even under limited training data availability.
