Toward a Better Understanding of Mobile Users’ Behavior: A Web Session Repair Scheme

Abstract

Using mobile devices to browse the Internet has become increasingly popular over the years. However, the risk of being exposed to malicious content, such as online scams or malware installations, has also increased significantly. In this study, we collected smartphone data from volunteer users by monitoring their use of the Web and the applications they install on their devices. However, the collected data is sometimes incomplete due to the technical limitations of mobile devices. Thus, we propose a data repair scheme to restore incomplete data by inferring missing attributes. Here, the restored data represent the browsing history of a mobile user, which can be used to determine if and how the user has been the victim of web or mobile-specific attacks to compromise their sensitive data. The accuracy of the proposed data repair scheme was evaluated using a machine learning algorithm, and the results demonstrate that the proposed scheme properly reconstructed a user’s browsing history data with an accuracy of 95%. The usability of the repaired data is demonstrated by a practical use case. The user’s browsing history was correlated with other types of data, such as received SMSs and the applications installed by the user. The results demonstrate that a user can fall victim to SMS-based phishing (SMShing) attacks, where the attacker sends an SMS message to a user to trick them install a malicious application. We also present a case of a social engineering attack, where the victim was manipulated to provide their Amazon credentials and credit card details.