A Strongly Non-Intrusive Methodology to Monitor and Detect Anomalous Behaviour of Wireless Devices

摘要

With the growing popularity and usage of smartphone devices, safeguarding it against malware becomes increasingly essential. In this paper, we define and present a strongly non-intrusive observation method that monitors network traffic data of the device to detect the presence of malware. The proposed method is advantageous as it neither requires any modification to the device, nor it needs any explicit connection between the device and the observing tool. We have evaluated the performance of two anomaly detection techniques, namely, changepoint detection and HOG+CNN, on the observed data. We compared the performance of the two detection techniques using both ordinary non-intrusive power signal data and strongly nonintrusive network traffic data. We also ran experiments to detect once-activated simulated malware and real malware. Validation tests confirm the effectiveness of the methodology in detecting the presence of malware.