Personal Anomaly Detection and Smart-Phone Security

TR Number



Journal Title

Journal ISSN

Volume Title


Virginia Tech


Mobile devices increasingly become the computing platform for networked applications such as Web and email. This development requires strong guarantees on the system integrity and data security of mobile devices against malicious software (malware in short). This work introduces a new personalized anomaly detection approach that is able to achieve host security by modeling and enforcing the legitimate behavior characteristics of a human user. Specifically, we identify characteristic human-user behaviors (namely application-level user inputs via keyboard and mouse), developing protocols for fine-grained traffic-input analysis, and preventing forgeries and attacks by malware. Our solution contains a combination of cryptographic techniques, correlation analysis, and hardware-based integrity measures. Our evaluation is done in computers with real-world and synthetic malware. The uniqueness of this personalized anomaly detection technique is that it allows computer security to be realized without the need for continually monitoring ever-changing malware patterns.



Network security, anomaly detection, smartphone, input, correlation