Misuse Detection for Mobile Devices Using Behaviour Profiling

Misuse Detection for Mobile Devices Using Behaviour Profiling

Fudong Li (Plymouth University, UK), Nathan Clarke (Plymouth University, UK and Edith Cowan University, Australia), Maria Papadaki (Plymouth University, UK) and Paul Dowland (Plymouth University, UK)
Copyright: © 2011 |Pages: 13
DOI: 10.4018/ijcwt.2011010105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Mobile devices have become essential to modern society; however, as their popularity has grown, so has the requirement to ensure devices remain secure. This paper proposes a behaviour-based profiling technique using a mobile user’s application usage to detect abnormal activities. Through operating transparently to the user, the approach offers significant advantages over traditional point-of-entry authentication and can provide continuous protection. The experiment employed the MIT Reality dataset and a total of 45,529 log entries. Four experiments were devised based on an application-level dataset containing the general application; two application-specific datasets combined with telephony and text message data; and a combined dataset that included both application-level and application-specific. Based on the experiments, a user’s profile was built using either static or dynamic profiles and the best experimental results for the application-level applications, telephone, text message, and multi-instance applications were an EER (Equal Error Rate) of 13.5%, 5.4%, 2.2%, and 10%, respectively.
Article Preview

1. Introduction

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many services through a wide range of applications over multiple networks as well as on the handheld itself, such as: voice calling through service provider’s network, Internet surfing via Wi-Fi hotspots, video conferencing through a 3G connection, road navigating by GPS (Global Positioning System), picture sharing by using Bluetooth pairing, data synchronising with laptop/desktop computers, document creation and modification, and entertainment (i.e., playing music). Indeed, the functionality and interconnectivity of mobile devices only tends to increase with time.

While people enjoy the convenience provided by mobile devices, there are also threats which could make their life less comfortable, such as the loss or theft of the device, service fraud, information disclosure, mobile malware, Smishing (SMS [Short Message Service] phishing) and Vishing (Voice phishing). According to the metropolitan police website, there are around 10,000 mobile devices lost or stolen in London every month (Metropolitan Police Service, 2011). When a mobile device is lost or stolen, there is an initial cost of replacement; however, more damage could occur if the attacker accesses the mobile services and information. According to the Communications Fraud Control Association’s (CFCA) Global Fraud Loss Survey 2009, service fraud is estimated to cost telecom service providers $72-$80 billion every year (CFCA, 2009). Also, a survey shows that 32% of all information disclosure incidents were related to lost or stolen mobile devices (Ponemon Institute, 2011). Moreover, the McAfee mobile and security report indicated that “Four in 10 organizations have had mobile devices lost or stolen and half of lost/stolen devices contain business critical data”, such as customer data, corporate intellectual property and financial information (McAfee, 2011, p. 12).

Mobile malware can also harm the mobile phone in a variety of ways, such as: infecting files and damaging user data. Since first discovered in 2004, there are more than 106 malware families with 514 variants (Securelist, 2009). Furthermore, the number of new mobile malware being found in 2010 has increased considerably (by 46% compared with those occurring in 2009) (McAfee, 2010). Smishing and Vishing are new types of phishing attacks which are performed by utilising text messaging and telephone calls (FBI, 2010). If the phone owner is fooled, its personal information can be exposed and abused.

With the aim to counter mobile threats, a number of security mechanisms have been developed both on the mobile device and the service provider’s network. The PIN (Personal Identification Number) based authentication method is the most widely deployed approach on mobile devices. Although widely used, many users do not employ the technique properly (i.e., never changing the PIN) (Clarke & Furnell, 2005; Kurkovsky & Syta, 2010). Mobile antivirus software and firewall applications are mainly deployed for detecting malware presence and blocking unwanted network traffic. Nonetheless, obtaining the latest virus signatures and updating rules for network traffic are not easy tasks; furthermore, their ability to detect user related activities is limited. As a mobile device has limited computing power, more sophisticated mechanisms, such as IDS (Intrusion Detection System), are primarily deployed on the service provider’s network. These systems continuously monitor the mobile users’ calling and migration activities to detect telephony service fraud. However, given the modern mobile device has the ability to access several networks simultaneously and accommodate a wide range of services, existing network-based security mechanisms are unable to provide comprehensive protection for the mobile handset. Therefore, a new security mechanism which can ensure a user’s legitimacy (authentication function) in a continuous manner (IDS function) is needed. This paper focuses upon presenting the findings from a feasibility study into utilising a host-based behavioural profiling approach to identify mobile device misuse, and providing continued and transparent protection for mobile devices.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing