Misuse Detection for Mobile Devices Using Behaviour Profiling

Document Type

Journal Article


IGI Global


Faculty of Computing, Health and Science


School of Computer and Security Science / Security Research Centre (secAU)




This article was originally published as: Li, F., Clarke, N. , Papadaki, M., & Dowland, P. (2011). Misuse Detection for Mobile Devices Using Behaviour Profiling. International Journal of Cyber Warfare and Terrorism, 1(1), 43-55. Original article available here


Mobile devices have become essential to modern society; however, as their popularity has grown, so has the requirement to ensure devices remain secure. This paper proposes a behaviour-based profiling technique using a mobile user’s application usage to detect abnormal activities. Through operating transparently to the user, the approach offers significant advantages over traditional point-of-entry authentication and can provide continuous protection. The experiment employed the MIT Reality dataset and a total of 45,529 log entries. Four experiments were devised based on an application-level dataset containing the general application; two application-specific datasets combined with telephony and text message data; and a combined dataset that included both application-level and application-specific. Based on the experiments, a user’s profile was built using either static or dynamic profiles and the best experimental results for the application-level applications, telephone, text message, and multi-instance applications were an EER (Equal Error Rate) of 13.5%, 5.4%, 2.2%, and 10%, respectively.