{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:04:31Z","timestamp":1760238271598,"version":"build-2065373602"},"reference-count":48,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T00:00:00Z","timestamp":1595635200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electronics"],"abstract":"<jats:p>Quite often, organizations are confronted with the burden of managing mobile device assets, requiring control over installed applications, security, usage profiles or customization options. From this perspective, the emergence of the Bring Your Own Device (BYOD) trend has aggravated the situation, making it difficult to achieve an adequate balance between corporate regulations, freedom of usage and device heterogeneity. Moreover, device and information protection on mobile ecosystems are quite different from securing other device assets such as laptops or desktops, due to their specific characteristics and limitations\u2014quite often, the resource overhead associated with specific security mechanisms is more important for mobile devices than conventional computing platforms, as the former frequently have comparatively less computing capabilities and more strict power management policies. This paper presents an intrusion and anomaly detection framework specifically designed for managed mobile device ecosystems, that is able to integrate into mobile device and management frameworks for complementing conventional intrusion detection systems. In addition to presenting the reference architecture for the proposed framework, several implementation aspects are also analyzed, based on the lessons learned from developing a proof-of-concept prototype that was used for validation purposes.<\/jats:p>","DOI":"10.3390\/electronics9081197","type":"journal-article","created":{"date-parts":[[2020,7,27]],"date-time":"2020-07-27T04:39:50Z","timestamp":1595824790000},"page":"1197","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["A Security Monitoring Framework for Mobile Devices"],"prefix":"10.3390","volume":"9","author":[{"given":"Ant\u00f3nio","family":"Lima","sequence":"first","affiliation":[{"name":"Department of Informatics Engineering, University of Coimbra, 3030-290 Coimbra, Portugal"}]},{"given":"Luis","family":"Rosa","sequence":"additional","affiliation":[{"name":"Department of Informatics Engineering, University of Coimbra, 3030-290 Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9278-6503","authenticated-orcid":false,"given":"Tiago","family":"Cruz","sequence":"additional","affiliation":[{"name":"Department of Informatics Engineering, University of Coimbra, 3030-290 Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5079-8327","authenticated-orcid":false,"given":"Paulo","family":"Sim\u00f5es","sequence":"additional","affiliation":[{"name":"Department of Informatics Engineering, University of Coimbra, 3030-290 Coimbra, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2020,7,25]]},"reference":[{"key":"ref_1","unstructured":"Lennon, R. (2012, January 13). Changing user attitudes to security in bring your own device (BYOD) & the cloud. Proceedings of the 5th Romania Tier 2 Federation Grid, Cloud & High Performance Computing Science (RQLCG), Cluj-Napoca, Romania."},{"key":"ref_2","unstructured":"Lebek, B., Degirmenci, K., and Breitner, M.H. (2008, January 15\u201317). Investigating the Influence of Security, Privacy, and Legal Concerns on Employees\u2019 Intention to Use BYOD Mobile Devices. Proceedings of the Nineteenth Americas Conference on Information Systems, Toronto, ON, Canada."},{"key":"ref_3","unstructured":"Lima, A. (2017). Analysis and Detection of Anomalies in Mobile Devices. [Master\u2019s Thesis, Universidade de Coimbra]. Available online: https:\/\/estudogeral.sib.uc.pt\/handle\/10316\/83277."},{"key":"ref_4","first-page":"1","article-title":"Security for Mobile Device Assets: A Survey","volume":"Volume 1","author":"Lima","year":"2018","journal-title":"Mobile Apps Engineering"},{"key":"ref_5","unstructured":"(2019, September 22). Samsung KNOX. Available online: https:\/\/www.samsungknox.com\/en."},{"key":"ref_6","unstructured":"(2019, September 22). Apple Business Manager. Available online: https:\/\/business.apple.com."},{"key":"ref_7","unstructured":"(2019, September 22). Android Enterprise. Available online: https:\/\/www.an-droid.com\/enterprise\/."},{"key":"ref_8","unstructured":"(2020, July 02). Microsoft Intune. Available online: https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/fundamentals\/what-is-intune."},{"key":"ref_9","unstructured":"(2019, September 22). Flyve Open-Source Device Management. Available online: https:\/\/www.flyve-mdm.com."},{"key":"ref_10","unstructured":"(2020, May 22). Google Analytics for Firebase. Available online: https:\/\/firebase.google.com\/products\/analytics."},{"key":"ref_11","unstructured":"(2020, May 22). Yahoo Flurry Analytics. Available online: https:\/\/www.flurry.com."},{"key":"ref_12","unstructured":"(2020, May 22). Microsoft App Center Analytics. Available online: https:\/\/docs.microsoft.com\/en-us\/appcenter\/analytics\/."},{"key":"ref_13","unstructured":"(2020, May 22). Firebase Crashlytics. Available online: https:\/\/firebase.google.com\/docs\/crashlytics."},{"key":"ref_14","first-page":"38","article-title":"Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments","volume":"11","author":"Garba","year":"2015","journal-title":"J. Inf. Priv. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Hou, S., Ye, Y., Song, Y., and Abdulhayoglu, M. (2017, January 13\u201317). Hindroid: An intelligent android malware detection system based on structured heterogeneous information network. Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Halifax, NS, Canada.","DOI":"10.1145\/3097983.3098026"},{"key":"ref_16","first-page":"1572","article-title":"A comparison of machine learning techniques for android malware detection using apache spark","volume":"14","author":"Memon","year":"2019","journal-title":"J. Eng. Sci. Technol."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"638","DOI":"10.1016\/j.neucom.2017.07.030","article-title":"DroidDet: Effective and robust detection of android malware using static analysis along with rotation forest model","volume":"272","author":"Zhu","year":"2018","journal-title":"Neurocomputing"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1109\/TBDATA.2017.2676100","article-title":"Iterative Classifier Fusion System for the Detection of Android Malware","volume":"5","author":"Abawajy","year":"2019","journal-title":"IEEE Trans. Big Data"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"DeLoach, J., Caragea, D., and Ou, X. (2016, January 5\u20138). Android malware detection with weak ground truth data. Proceedings of the 2016 IEEE International Conference on Big Data (Big Data), Washington, DC, USA.","DOI":"10.1109\/BigData.2016.7841008"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.jpdc.2016.10.012","article-title":"A hybrid approach of mobile malware detection in Android","volume":"103","author":"Tong","year":"2017","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_21","unstructured":"Google Brain Team (2020, July 21). TensorFlow Lite: Deploy Machine Learning Models on Mobile and IoT Devices. Available online: https:\/\/www.tensorflow.org\/lite."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Feng, R., Chen, S., Xie, X., Ma, L., Meng, G., Liu, Y., and Lin, S. (2019, January 10\u201313). MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform. Proceedings of the 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS), Hong Kong, China.","DOI":"10.1109\/ICECCS.2019.00014"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Takawale, H.C., and Thakur, A. (2018, January 15\u201318). Talos App: On-Device Machine Learning Using TensorFlow to Detect Android Malware. Proceedings of the 2018 Fifth International Conference on Internet of Things: Systems, Management and Security, Valencia, Spain.","DOI":"10.1109\/IoTSMS.2018.8554572"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Barmpatsalou, K., Cruz, T., Monteiro, E., and Simoes, P. (2018). Current and Future Trends in Mobile Device Forensics: A Survey. ACM Comput. Surv., 51.","DOI":"10.1145\/3177847"},{"key":"ref_25","unstructured":"Marz, N., and Warren, J. (2015). Big Data: Principles and Best Practices of Scalable Real-Time Data Systems, Manning Publications Co."},{"key":"ref_26","unstructured":"Kreps, J. (2020, July 21). Questioning the Lambda Architecture. Available online: https:\/\/www.oreilly.com\/radar\/questioning-the-lambda-architecture\/."},{"key":"ref_27","unstructured":"Forgeat, J. (2015). Data Processing Architectures\u2014Lambda and Kappa, Ericsson."},{"key":"ref_28","unstructured":"Feick, M., Kleer, N., and Kohn, M. (2018, January 26\u201327). Fundamentals of Real-Time Data Processing Architectures Lambda and Kappa. Proceedings of the SKILL 2018\u2014Studierendenkonferenz Informatik, Berlin, Germany."},{"key":"ref_29","unstructured":"Databricks (2020, July 23). Delta Architecture, a Step Beyond Lambda Architecture. Available online: https:\/\/pt.slideshare.net\/JuanPauloGutierrez\/delta-architecture."},{"key":"ref_30","unstructured":"Linux Foundation (2020, July 23). Delta Lake\u2014Reliable Data Lakes at Scale. Available online: https:\/\/delta.io\/."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/JAS.2019.1911795","article-title":"Big data analytics in telecommunications: Literature review and architecture recommendations","volume":"7","author":"Zahid","year":"2019","journal-title":"IEEE\/CAA J. Autom. Sin."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Liu, X., Iftikhar, N., Nielsen, P.S., and Heller, A. (2016). Online anomaly energy consumption detection using lambda architecture. International Conference on Big Data Analytics and Knowledge Discovery, Springer.","DOI":"10.1007\/978-3-319-43946-4_13"},{"key":"ref_33","unstructured":"Seyvet, N., and Viela, I.M. (2020, July 21). Applying the Kappa Architecture in the Telco Industry. Available online: https:\/\/www.oreilly.com\/content\/applying-the-kappa-architecture-in-the-telco-industry\/."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Carvalho, O., Roloff, E., and Navaux, P.O. (2017, January 5\u20138). A Distributed Stream Processing Based Architecture for IoT Smart Grids Monitoring. Proceedings of the UCC \u201917 Companion 10th International Conference on Utility and Cloud Computing, Austin, TX, USA.","DOI":"10.1145\/3147234.3148105"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Estrada, R. (2016). Fast Data Processing Systems with SMACK Stack, Packt Publishing Ltd.","DOI":"10.1007\/978-1-4842-2175-4_9"},{"key":"ref_36","first-page":"1","article-title":"A Survey of Communication Protocols for Internet of Things and Related Challenges of Fog and Cloud Computing Integration","volume":"51","author":"Carpio","year":"2019","journal-title":"ACM Comput. Surv."},{"key":"ref_37","unstructured":"(2019, September 22). Apache Spark (2017b) Spark Overview. Available online: https:\/\/spark.apache.org\/docs\/1.0.1\/index.html."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3214303","article-title":"A Survey on Homomorphic Encryption Schemes: Theory and Implementation","volume":"51","author":"Acar","year":"2018","journal-title":"ACM Comput. Surv."},{"key":"ref_39","unstructured":"Halevi, S., and Shoup, V. (2014, December 31). HElib: An Implementation of Homomorphic Encryption. Available online: https:\/\/github.com\/shaih\/HElib."},{"key":"ref_40","unstructured":"(2019, September 22). Apache Hadoop Project. Available online: http:\/\/hadoop.apache.org."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1145\/1327452.1327492","article-title":"MapReduce: Simplified Data Processing on Large Clusters","volume":"51","author":"Dean","year":"2008","journal-title":"Commun. ACM"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Shvachko, K., Kuang, H., Radia, S., and Chansler, R. (2010, January 3\u20137). The Hadoop Distributed File System. Proceedings of the 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST), Incline Village, NV, USA.","DOI":"10.1109\/MSST.2010.5496972"},{"key":"ref_43","unstructured":"Bertran, P.F. (2017, January 20). Lambda Architecture: A State-of-the-Art. Available online: http:\/\/www.datasalt.com\/2014\/01\/lambda-architecture-a-state-of-the-art\/."},{"key":"ref_44","unstructured":"Bijnens, N., and Hausenblas, M. (2017, January 20). Lambda Architecture: A State-of-the-Art. Available online: http:\/\/lambda-architecture.net\/."},{"key":"ref_45","unstructured":"Nierbeck, A. (2017, January 20). IoT Analytics Platform. Available online: https:\/\/blog.codecentric.de\/en\/2016\/07\/iot-analytics-platform\/."},{"key":"ref_46","unstructured":"Bertran, P.F. (2019, September 22). An Example \u201cLambda Architecture\u201d for Real-Time Analysis of Hashtags Using Trident, Hadoop and Splout SQL. Available online: http:\/\/www.datasalt.com\/2013\/01\/an-example-lambda-architecture-using-trident-hadoop-and-splout-sql."},{"key":"ref_47","unstructured":"(2019, September 22). Apache Spark (2017a) Machine Learning Library (MLlib). Available online: https:\/\/spark.apache.org\/docs\/1.0.1\/mllib-guide.html."},{"key":"ref_48","unstructured":"Lima, A. (2020, July 21). Network Traffic Spreadsheet. Available online: https:\/\/goo.gl\/BHn2oZ."}],"container-title":["Electronics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-9292\/9\/8\/1197\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:51:38Z","timestamp":1760176298000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-9292\/9\/8\/1197"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,25]]},"references-count":48,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["electronics9081197"],"URL":"https:\/\/doi.org\/10.3390\/electronics9081197","relation":{},"ISSN":["2079-9292"],"issn-type":[{"type":"electronic","value":"2079-9292"}],"subject":[],"published":{"date-parts":[[2020,7,25]]}}}