Mobile Networks and Applications, Volume 14, Issue 1, pp 92–106

Monitoring Smartphones for Anomaly Detection

  • Aubrey-Derrick Schmidt
  • Frank Peters
  • Florian Lamour
  • Christian Scheel
  • Seyit Ahmet Çamtepe
  • Şahin Albayrak


In this paper we demonstrate how to monitor a smartphone running the Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device is still not feasible due to capability and hardware limitations. We give examples of how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malware are shown. To improve monitoring client performance, Principal Component Analysis was applied, which led to a decrease of about 80% in the number of monitored features.


Keywords: smartphones, monitoring, anomaly detection



Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Aubrey-Derrick Schmidt (1)
  • Frank Peters (1)
  • Florian Lamour (1)
  • Christian Scheel (1)
  • Seyit Ahmet Çamtepe (1)
  • Şahin Albayrak (1)

  1. DAI-Labor, Technische Universität Berlin, Berlin, Germany
