Abstract

The growing spread of malware on Android OS requires new approaches for the detection and recognition of malicious applications on mobile devices. An emerging idea is characterizing malicious behaviors in terms of energy consumption, to support the definition of Energy-aware Intrusion Detection Systems that are able to recognize malicious behaviors in terms of their energy footprint. To this aim, the energy consumption of several hardware components of a mobile device must be measured at a sufficiently fine-grained level of precision. Furthermore, the same measurements must not be energy-hungry. In Android, several sources can provide energy consumption information, from high-level API to low level measurements taken directly from the battery driver. In this paper, we consider two approaches to measurements available in literature and, by measuring the consumption of a device under attack, we empirically assess their suitability to support the profiling of both benign and malicious applications in Android. Then, we propose a new approach able to overcome the limitations of the existing ones and we provide empirical evidence on the feasibility and the correctness of our proposal.