Monitoring smartphones for anomaly detection

In this paper we demonstrate how to monitor a smartphone running Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system (IDS) on this kind of mobile device still is not feasible due to capability and hardware limitations. We give examples on how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malwares are shown. For improving monitoring client performance, Principal Component Analysis (PCA) was applied which lead to a decrease of about 80% of the amount of monitored features. This work was funded by Deutsche Telekom Laboratories. Note that this is a user-built version. The original published version can by found at http://www.springerlink.com DOI:10.1007/s11036008-0113-x. Aubrey-Derrick Schmidt Technische Universität Berlin / DAI-Labor Tel.: +49 (0)30 314 74039 Fax: +49 (0)30 314 74003 E-mail: [email protected] Frank Peters E-mail: [email protected] Florian Lamour E-mail: [email protected] Christian Scheel E-mail: [email protected] Seyit Ahmet Çamptepe E-mail: [email protected] Şahin Albayrak E-mail: [email protected]