Mobile devices may hold a lot of personal information, and may be susceptible to attacks by malicious applications. Some security mechanisms are configured to detect malicious processes on a mobile device through performance of real-time behavioral analysis of mobile processes that enable detection of anomalous behavior. There are also various situations where behavior of a mobile device, even if not caused by malicious processes, may constitute a security-risk (for example, situations of frequent camera use in a security-sensitive area, such as a government building, a hospital, a bank, etc.)
To detect anomalous behavior of processes executing on a mobile device, the various processes executing on the device need to observed/monitored, and the monitored behavior then needs to be analyzed. If these processes were to be continually monitored or observed, the performance costs (e.g., computational cost, power use, etc.) associated with such continual monitoring might be high.