TY - GEN
T1 - A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications
AU - Attar, Ali El
AU - Khatoun, Rida
AU - Lemercier, Marc
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/10/22
Y1 - 2014/10/22
N2 - Nowadays smartphones are increasingly popular, which has also attracted hackers. With the increasing capabilities of such phones, more and more malicious software targeting these devices has been developed. Malware can seriously damage an infected device within seconds. This paper focuses on the aggregation of a popular probabilistic model, the Gaussian mixture model, for dynamic detection of abnormal behavior in smartphone applications. More precisely, we propose to apply a mixture model estimation technique to the behavior of applications, for density modeling and data clustering. The mixture models of the different smartphones are then aggregated to estimate the global model that reflects the probability density of the global data set. Furthermore, we carry out model-based clustering outlier detection to compute an anomaly score for each application, which leads to identifying the malware applications. Initial experimental results prove the efficiency and the accuracy of the model-based clustering in detecting abnormal applications with a low false alert rate.
AB - Nowadays smartphones are increasingly popular, which has also attracted hackers. With the increasing capabilities of such phones, more and more malicious software targeting these devices has been developed. Malware can seriously damage an infected device within seconds. This paper focuses on the aggregation of a popular probabilistic model, the Gaussian mixture model, for dynamic detection of abnormal behavior in smartphone applications. More precisely, we propose to apply a mixture model estimation technique to the behavior of applications, for density modeling and data clustering. The mixture models of the different smartphones are then aggregated to estimate the global model that reflects the probability density of the global data set. Furthermore, we carry out model-based clustering outlier detection to compute an anomaly score for each application, which leads to identifying the malware applications. Initial experimental results prove the efficiency and the accuracy of the model-based clustering in detecting abnormal applications with a low false alert rate.
U2 - 10.1109/GIIS.2014.6934278
DO - 10.1109/GIIS.2014.6934278
M3 - Conference contribution
AN - SCOPUS:84912122778
T3 - 2014 Global Information Infrastructure and Networking Symposium, GIIS 2014
BT - 2014 Global Information Infrastructure and Networking Symposium, GIIS 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 Global Information Infrastructure and Networking Symposium, GIIS 2014
Y2 - 15 September 2014 through 19 September 2014
ER -