Behavioral Analysis based on Dynamic Detection of Anomalies in Mobile Device Activity with Machine Learning
TASCIOGLU, AYCA BEGUM
2021/2022
Abstract
As the popularity of mobile end devices grows exponentially, the number of malicious activities directed against them has also surged. People use their mobile devices for sending, receiving, and storing data, so vulnerabilities in the handling of sensitive information are crucial. To detect malicious behavior on mobile devices, research on anomaly detection mechanisms has followed different approaches, focusing on the static and dynamic levels of anomaly detection separately. For static analysis, permissions and manifest files were inspected [1]; for dynamic analysis, API usage, system calls, and network-level traffic were inspected [2]. This thesis aims to find an efficient way to detect anomalies using memory usage data. For this purpose, data analysis and Machine Learning algorithms are investigated. While detecting anomalies, it was observed that most of the selected unsupervised learning algorithms require evenly distributed time-series data, which means continuous behavior is required. However, since the experiment was based on real-world data, it turned out that for some hours no samples were tracked. To adopt an adequate algorithm, anomaly detection on data with missing values is also covered in this paper.

File | Size | Format |
---|---|---|
Tascioglu_AycaBegum.pdf (restricted access) | 1.64 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/31589