A Framework for Automatic Anomaly Detection in Mobile Applications

Abstract

It is standard practice in enterprises to analyze large amounts of logs to detect software failures and malicious behaviors. Mobile applications pose a major challenge to centralized monitoring as network and storage limitations prevent fine-grained logs to be stored and transferred for off-line analysis. In this paper we introduce EMMA, a framework for automatic anomaly detection that enables security analysis as well as in-the-field quality assurance for enterprise mobile applications, and incurs minimal overhead for data exchange with a back-end monitoring platform. EMMA instruments binary applications with a lightweight anomaly-detection layer that reveals failures and security threats directly on mobile devices, thus enabling corrective measures to be taken promptly even when the device is disconnected. In our empirical evaluation, EMMA detected failures in unmodified Android mobile applications.