A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications

2014 Global Information Infrastructure and Networking Symposium (GIIS) Pub Date : 2014-09-01 DOI:10.1109/GIIS.2014.6934278

Ali El Attar, R. Khatoun, Marc Lemercier

{"title":"A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications","authors":"Ali El Attar, R. Khatoun, Marc Lemercier","doi":"10.1109/GIIS.2014.6934278","DOIUrl":null,"url":null,"abstract":"Nowadays smartphones get increasingly popular which also attracted hackers. With the increasing capabilities of such phones, more and more malicious softwares targeting these devices have been developed. Malwares can seriously damage an infected device within seconds. This paper focus on the aggregation of a popular probabilistic model: the Gaussian mixture model, for a dynamic detection of the abnormal behavior in smartphone applications. More precisely, we propose to apply a mixture model estimation technique on the behavior of applications, for density modeling and data clustering. The mixture models of the different smartphones are then aggregated to estimate the global model that reflecting the probability density of the global data set. Furthermore, we carry out a model-based clustering outlier detection to compute an anomaly score for each application, leading to identify the malware applications. Initial experiments results prove the efficiency and the accuracy of the model-based clustering in detecting abnormal applications with a low false alerts rate.","PeriodicalId":392180,"journal":{"name":"2014 Global Information Infrastructure and Networking Symposium (GIIS)","volume":"325 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Global Information Infrastructure and Networking Symposium (GIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GIIS.2014.6934278","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Nowadays smartphones get increasingly popular which also attracted hackers. With the increasing capabilities of such phones, more and more malicious softwares targeting these devices have been developed. Malwares can seriously damage an infected device within seconds. This paper focus on the aggregation of a popular probabilistic model: the Gaussian mixture model, for a dynamic detection of the abnormal behavior in smartphone applications. More precisely, we propose to apply a mixture model estimation technique on the behavior of applications, for density modeling and data clustering. The mixture models of the different smartphones are then aggregated to estimate the global model that reflecting the probability density of the global data set. Furthermore, we carry out a model-based clustering outlier detection to compute an anomaly score for each application, leading to identify the malware applications. Initial experiments results prove the efficiency and the accuracy of the model-based clustering in detecting abnormal applications with a low false alerts rate.

查看原文本刊更多论文

智能手机应用中异常行为动态检测的高斯混合模型

如今智能手机越来越受欢迎，这也吸引了黑客。随着手机功能的不断增强，针对这些设备的恶意软件也越来越多。恶意软件可以在几秒钟内严重破坏受感染的设备。本文重点研究了一种流行的概率模型的聚合:高斯混合模型，用于智能手机应用中异常行为的动态检测。更准确地说，我们建议将混合模型估计技术应用于应用程序的行为，用于密度建模和数据聚类。然后汇总不同智能手机的混合模型，以估计反映全球数据集概率密度的全球模型。此外，我们还进行了基于模型的聚类异常值检测，为每个应用程序计算异常分数，从而识别恶意软件应用程序。初步实验结果证明了基于模型的聚类检测异常应用的有效性和准确性，并且具有较低的误报率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 Global Information Infrastructure and Networking Symposium (GIIS)

自引率

0.00%

发文量