A Gaussian mixture model for dynamic detection of abnormal behavior in smartphone applications

Nowadays smartphones get increasingly popular which also attracted hackers. With the increasing capabilities of such phones, more and more malicious softwares targeting these devices have been developed. Malwares can seriously damage an infected device within seconds. This paper focus on the aggregation of a popular probabilistic model: the Gaussian mixture model, for a dynamic detection of the abnormal behavior in smartphone applications. More precisely, we propose to apply a mixture model estimation technique on the behavior of applications, for density modeling and data clustering. The mixture models of the different smartphones are then aggregated to estimate the global model that reflecting the probability density of the global data set. Furthermore, we carry out a model-based clustering outlier detection to compute an anomaly score for each application, leading to identify the malware applications. Initial experiments results prove the efficiency and the accuracy of the model-based clustering in detecting abnormal applications with a low false alerts rate.