摘要
本文提出了一种分布式的移动设备异常检测系统,该系统采用客户端-服务器架构,客户端程序在移动设备上持续提取特征并传送给服务器,服务器使用异常检测算法分析特征.根据人类日常活动的规律性以及用户使用移动设备的周期性,我们还提出了一种基于用户行为周期的异常检测方法,通过比较待检测特征向量和以往周期相近时间段的特征向量集的距离即可判定该特征向量是否异常,向量比较时采用不受特征间关联以及特征取值范围影响的马氏距离作为距离衡量的标准.实验证明我们采用的移动设备异常检测系统框架和检测方法能够有效提高对移动设备恶意程序的检测率.
In this paper, we present a distributed anomaly detection system for mobile devices. The proposed framework realizes a client-server architecture, the client continuously extracts various features of mobile device and transfers to the server, and the server's major task is to detect anomaly using state-of-art detection algorithms. According to the regularity of human daily activity and the periodic of using mobile device, we also propose a novel user behavior cycle based statistical approach, in which the abnormal is determined by the distance from the undetermined feature vector to the similar time segments' vectors of previous cycles. We use the Mahalanobis distance as distance metric since it is rarely affected by the correlate and value range of features. Evaluation results demonstrated that the proposed framework and novel anomaly detection algorithm could effectively improve the detection rate of malwares on mobile devices.
出处
《计算机系统应用》
2015年第4期184-189,共6页
Computer Systems & Applications
基金
国家自然科学基金(61272131)
关键词
异常检测
行为周期
马氏距离
特征提取
anomaly detection
behavior cycle
mahalanobis distance
feature extraction
