Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers
Mobile devices have evolved and experienced an immense popularity over the last few years. This growth however hasDamopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke NL, Gritzalis S
exposed mobile devices to an increasing number of security threats. Despite the variety of peripheral protection
mechanisms described in the literature, authentication and access control cannot provide integral protection against
intrusions. Thus, a need for more intelligent and sophisticated security controls such as intrusion detection systems (IDSs)
is necessary. Whilst much work has been devoted to mobile device IDSs, research on anomaly‐based or behaviour‐based
IDS for such devices has been limited leaving several problems unsolved. Motivated by this fact, in this paper, we focus on
anomaly‐based IDS for modern mobile devices. A dataset consisting of iPhone users data logs has been created, and
various classification and validation methods have been evaluated to assess their effectiveness in detecting misuses.
Specifically, the experimental procedure includes and cross‐evaluates four machine learning algorithms (i.e. Bayesian
networks, radial basis function, K‐nearest neighbours and random Forest), which classify the behaviour of the end‐user in
terms of telephone calls, SMS and Web browsing history. In order to detect illegitimate use of service by a potential
malware or a thief, the experimental procedure examines the aforementioned services independently as well as in
combination in a multimodal fashion. The results are very promising showing the ability of at least one classifier to detect
intrusions with a high true positive rate of 99.8%.