Author :
Kim, Hahnsang ; Shin, Kang G. ; Pillai, Padmanabhan
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Univ. of Michigan, Ann Arbor, MI, USA
Abstract :
It is of great importance to protect rapidly-spreading and widely-used small mobile devices like smartphones and PocketPCs from energy-depletion attacks by monitoring software (processes) and hardware (especially, battery) resources. The ability to use these devices for on- and/or off-job functions, and even for medical emergencies or disaster recovery is often dictated by their limited battery capacity. However, traditional malware detection systems and antivirus solutions based on matching signatures are limited to detection of only known malware, and hence, cannot deal with battery-depletion attacks. To meet this challenge, we propose to develop, implement, and evaluate a comprehensive framework, called MODELZ, that MOnitors, DEtects, and anaLyZes energy-greedy anomalies on small mobile devices. MODELZ comprises 1) a charge flow meter that allows infrequent sampling of energy consumption without losing accuracy, 2) a power monitor, in coordination with the charge flow meter, that samples and builds a power-consumption history, and 3) a data analyzer that generates a power signature from the power-consumption history. To generate a power signature, we devise and apply light-weighted, effective noise filtering and data compression, reducing the detection overhead significantly. The similarities between power signatures are measured by the χ²-distance and used to lower both false-positive and false-negative detection rates. Our experimental results on an HP iPAQ running the Windows Mobile OS have shown that MODELZ achieves significant (up to 95 percent) storage-savings without losing detection accuracy, and a 99 percent true-positive rate in differentiating legitimate programs from suspicious ones while the monitoring consumes 50 percent less energy than the case of keeping the Bluetooth radio turned on.
Keywords :
invasive software; mobile handsets; telecommunication security; Bluetooth radio; MODELZ; PocketPC; Windows mobile OS; battery-depletion attacks; charge flow meter; energy consumption; energy-depletion attacks; energy-greedy anomaly; false-negative detection rates; false-positive detection rates; malware detection systems; matching signatures; mobile devices; mobile handsets; monitoring software; power consumption; power monitoring; smartphones; Batteries; Current measurement; Energy measurement; Malware; Mobile handsets; Monitoring; Voltage measurement; Power-consumption history; charge flow meter; χ²-distance; moving average filtering; power signature