UWSpace is currently experiencing technical difficulties resulting from its recent migration to a new version of its software. These technical issues are not affecting the submission and browse features of the site. UWaterloo community members may continue submitting items to UWSpace. We apologize for the inconvenience, and are actively working to resolve these technical issues.
 

A Methodology for Reliable Detection of Anomalous Behavior in Smartphones

Thumbnail Image

Files

SoundarRajaJames_RobinJoePrabhahar.pdf (5.48 MB)

Date

2018-01-22

Authors

Soundar Raja James, Robin Joe Prabhahar

Journal Title

Journal ISSN

Volume Title

Publisher

University of Waterloo

Abstract

Smartphones have become the most preferred computing device for both personal and business use. Different applications in smartphones result in different power consumption patterns. The fact that every application has been coded to perform different tasks leads to the claim that every action onboard (whether software or hardware) will consequently have a trace in the power consumption of the smartphone. When the same sequence of steps is repeated on it, it is observed that the power consumption patterns hold some degree of similarity. A device infected with malware can exhibit increased CPU usage, lower speeds, strange behavior such as e-mails or messages being sent automatically and without the user's knowledge; and programs or malware running intermittently or in cycles in the background. This deviation from the expected behavior of the device is termed an anomalous behavior and results in a reduction in the similarity of the power consumption. The anomalous behavior could also be due to gradual degradation of the device or change in the execution environment in addition to the presence of malware. The change in similarity can be used to detect the presence of anomalous behavior on smartphones. This thesis focuses on the detection of anomalous behavior from the power signatures of the smartphone. We have conducted experiments to measure and analyze the power consumption pattern of various smartphone apps. The test bench used for the experiments has a Monsoon Power Meter, which supplies power to the smartphone, and an external laptop collects the power samples from the meter. To emulate the presence of anomalous behavior, we developed an app which runs in the background with varying activity windows. Based on our experiments and analysis, we have developed two separate models for reliable detection of anomalous behavior from power signatures of the smartphone. The first model is based on Independent Component Analysis (ICA) and the second model is based on a Similarity Matrix developed using an array of low pass filters. These models detect the presence of anomalies by comparing the current power consumption pattern of the device under test with that of its normal behavior.

Description

Keywords

Anomaly Detection, smartphone, power signature, Independent component Analysis, Similarity Matrix

LC Keywords

Citation

URI

http://hdl.handle.net/10012/12914

Collections

Theses
Electrical and Computer Engineering