A Methodology for Reliable Detection of Anomalous Behavior in Smartphones
Smartphones have become the most preferred computing device for both personal and
business use. Different applications in smartphones result in different power consumption
patterns. The fact that every application has been coded to perform different tasks leads
to the claim that every action onboard (whether software or hardware) will consequently
have a trace in the power consumption of the smartphone. When the same sequence of
steps is repeated on the device, the power consumption patterns are observed to hold some
degree of similarity. A device infected with malware can exhibit increased CPU usage,
lower speeds, strange behavior such as e-mails or messages being sent automatically and
without the user's knowledge, and programs or malware running intermittently or in cycles
in the background. This deviation from the expected behavior of the device is termed
anomalous behavior and results in a reduction in the similarity of the power consumption patterns.
The anomalous behavior could also be due to gradual degradation of the device or a change in
the execution environment, in addition to the presence of malware. The change in similarity
can be used to detect the presence of anomalous behavior on smartphones.
This thesis focuses on the detection of anomalous behavior from the power signatures
of the smartphone. We have conducted experiments to measure and analyze the power
consumption pattern of various smartphone apps. The test bench used for the experiments
has a Monsoon Power Meter, which supplies power to the smartphone, and an external
laptop collects the power samples from the meter. To emulate the presence of anomalous
behavior, we developed an app which runs in the background with varying activity windows.
Based on our experiments and analysis, we have developed two separate models for reliable
detection of anomalous behavior from power signatures of the smartphone. The first model
is based on Independent Component Analysis (ICA) and the second model is based on a
Similarity Matrix developed using an array of low-pass filters. These models detect the
presence of anomalies by comparing the current power consumption pattern of the device
under test with that of its normal behavior