Attack Detection based on Statistical Analysis of Smartphone Resource Utilization

Detection of anomalous behavior is critical to protect smartphones from emerging threats and ensure user security and privacy. Android has emerged as the prevalent mobile operating system and is one of the most attractive targets for potential attacks. Typical approaches for malware detection in Android rely on resource intensive analysis of cloud servers using Machine Learning (ML) algorithms. However, in practice, collecting and sending malicious data samples is cumbersome since it requires a persistent connection between smartphones and cloud servers. In this work, we propose a novel approach that leverages elements from statistical analysis and information theory to detect malware based attacks on smartphones. We parameterize CPU usage, RAM utilization, and network data of smartphones to detect anomalous usage patterns using the Kullback-Leibler divergence measure. The advantage of our proposed method is two-fold. First, it is less computation intensive than Machine Learning algorithms and thus can run efficiently on low-power devices. Second, the proposed approach is generic in that our model can be applied to diverse variety of smartphone usage patterns to detect malicious behavior. Evaluation of the proposed method shows that it achieves an accuracy of 86.24% for detecting malicious behavior in Android smartphones.