Mobile devices have evolved and experienced an immense popularity over the last few years. This growth however has
exposed mobile devices to an increasing number of security threats. Despite the variety of peripheral protection
mechanisms described in the literature, authentication and access control cannot provide integral protection against
intrusions. Thus, a need for more intelligent and sophisticated security controls such as intrusion detection systems (IDSs)
is necessary. Whilst much work has been devoted to mobile device IDSs, research on anomaly‐based or behaviour‐based
IDS for such devices has been limited leaving several problems unsolved. Motivated by this fact, in this paper, we focus on
anomaly‐based IDS for modern mobile devices. A dataset consisting of iPhone users data logs has been created, and
various classification and validation methods have been evaluated to assess their effectiveness in detecting misuses.
Specifically, the experimental procedure includes and cross‐evaluates four machine learning algorithms (i.e. Bayesian
networks, radial basis function, K‐nearest neighbours and random Forest), which classify the behaviour of the end‐user in
terms of telephone calls, SMS and Web browsing history. In order to detect illegitimate use of service by a potential
malware or a thief, the experimental procedure examines the aforementioned services independently as well as in
combination in a multimodal fashion. The results are very promising showing the ability of at least one classifier to detect
intrusions with a high true positive rate of 99.8%.
Sorry, this publication is not currently available to the public due to copyright restrictions.
We are unable to provide copies of this publication at present.
Centre for Security, Communications and Network Research (CSCAN), Room A304 Portland Square, Plymouth University, Plymouth, PL4 8AA, United Kingdom
Telephone: +44 (0) 1752 586234, Fax: +44 (0) 1752 586300, Email: firstname.lastname@example.org