On-device anomaly detection for resource-limited systems

As small-scale embedded systems such as Smartphones rapidly evolve, mobile malwares grow increasingly more sophisticated and dangerous. An important attack vector targeting Android Smartphone is repackaging legitimate applications to inject malicious activities, where such repackaging can be performed before or after the installation of applications on the Smartphone. To detect the behaviour deviation of applications caused by the injected malicious activities, complex anomaly detection algorithms are usually applied, however they require a system resources budget that is beyond the capacities of these small-scale devices. This paper focuses on the usability of on-device anomaly detection algorithms and proposes a detection framework for Android-based devices. The proposed solution allows using a remote server without relying entirely on it. The experimental results allow building resources consumption profiles of the studied anomaly detections algorithms and thus, provide reliable measurements that help define trade-offs between detection accuracy and resource consumption.