MASc Seminar: A Methodology for Reliable Detection of Anomalous Behavior in Smartphones

Tuesday, December 5, 2017 2:30 pm - 2:30 pm EST (GMT -05:00)

Candidate: Robin Joe Prabhahar Soundar Raja James

Title: A Methodology for Reliable Detection of Anomalous Behavior in Smartphones

Date: December 5, 2017

Time: 2:30pm

Place: EIT 3141

Supervisor(s): Naik, Kshirasagar - Dabbagh, Mohamed-Yahia

Abstract:

Smartphones have become the most preferred computing device for both personal and business use. Increased portability, computing power, memory capacity, connectivity, a user friendly and enhanced interface and the advent of Mobile Applications (Apps) have made them popular in healthcare, banking, home security and automation, IoT and other security-critical applications.

Smartphones, today, are repositories for large amounts of confidential data and hence attract the attention of hackers. The meteoric increase in the number of smartphones and connected devices has made them prone to attackers trying to steal personal, financial or business information and hence security in smartphones has become critical. Remote monitoring of all the smartphones and connected devices is not feasible because of the sheer numbers of them in use. This makes autonomous monitoring and detection of anomalous behavior extremely important in maintaining network and device security.  

Different applications in smartphones result in different power consumption patterns. The fact that every application has been coded to perform different tasks leads to the claim that every action onboard (whether software or hardware) will consequently have a trace in the power consumption of the smartphone. When the same sequence of steps are repeated on a smartphone, it is observed that the power consumption patterns hold some degree of similarity. A device infected with malware can exhibit increased CPU usage, lower speeds, strange behavior such as e-mails or messages being sent automatically and without the user's knowledge; and programs or malware running intermittently or in cycles in the background. This deviation from the expected behavior of the device is termed as an anomalous behavior and results in a reduction in the similarity of the power consumption. The anomalous behavior could also be due to gradual degradation of the device or change in the execution environment in addition to the presence of malware. This change in similarity can be used to detect the presence of anomalous behavior on smartphones.

This thesis focuses on the detection of anomalous behavior from the power signatures of the smartphone. We have conducted experiments to measure and analyze the power consumption pattern of various smartphone apps. The test bench used for the experiments has a Monsoon Power Meter, which supplies power to the smartphone, and an external laptop collects the power samples from the meter. To emulate the presence of anomalous behavior, we developed an app which runs in the background with varying activity windows. Based on our experiments and analysis, we have developed a methodology for reliable detection of anomalous behavior from power signatures of the smartphone.