LIGHTWEIGHT SECURITY AUDITING TOOL FOR ANDROID SMART MOBILE PHONE: DESIGN AND IMPLEMENTATION


For more Electrical & Computer Engineering Project click here



TABLE OF CONTENTS

Abstract

Chapter 1 Introduction
1.2       Statement of the problem
1.3       Objectives
1.4       Methodology
1.5       Thesis outline

Chapter 2 Background Information
2.1       Android System Architecture
2.1.1    Linux kernel
2.1.2    Libraries
2.1.3    Android runtime
2.1.4    Application framework
2.1.5    Applications
2.2       Dalvik Virtual Machine
2.2.1    Hardware constraints
2.2.2    Bytecode
2.3       Android applications
2.3.1    Application components
2.3.2    Manifest
2.3.3    Native code
2.3.4    Distribution
2.4       Android Threat
2.4.1    Spyware
2.4.2    Root exploit
2.4.3    Botnet
2.4.4    SMS Trojans
2.4.5    Drive-by-download
2.5       Android Security Overview
2.5.1    Permissions
2.5.2    Sandbox
2.5.3    Application signing
2.5.4    Remote kill switch
2.5.5    File System and User/Group Permissions
2.5.6    Google Bouncer
2.5.7    Anti-malware applications
2.6       Intrusion Detection System
2.6.1    Definition
2.6.2    Detection types

Chapter 3 Related Work
3.1       Background and Surveys

Chapter 4 Design and Implementation
4.1       Design
4.1.1    What to collect
4.1.2    Framework design
4.1.3    Dataset description
4.2       Implementation
4.2.1    Tools used during implementation

Chapter 5   Experimental Result and Evaluation
5.1       Analyzing the requested permission feature
5.2       Analyzing the Intent information
5.3       Analyzing the network behavior of Apps
5.4       Evaluation of Proposed Framework using combined feature set
5.5       Performance overhead analysis

Chapter 6   Conclusions and Recommendations
Bibliography
Appendix



Abstract

Due to the fast growing market in Android smartphone operating systems to date cyber criminals have naturally extended their target towards Google‘s Android mobile operating system. Threat researchers are reporting an alarming increase of detected malware for Android from 2012 to 2013. Static analysis techniques for malware detection are based on signatures of known malicious applications. It cannot detect new malware applications and the attacker will get window of opportunities until the threat databases are updated for the new malware. Malware detection techniques based on dynamic analysis are mostly designed as a cloud based services where the user must submit the application to know whether the application is malware or not.

As a solution to these problems, in this work we design and implement a host based lightweight security auditing tool that suits resource-constrained mobile devices in terms of low storage and computational requirements. Our proposed solution utilizes the open nature of the Android operating system and uses the public APIs provided by the Android SDK to collect features of known-benign and known-malicious applications. The collected features are then provided to machine learning algorithm to develop a baseline classification model. This classification model is then used to classify new or unknown applications either as malware or goodware and if it is malware it alerts the user about the infection.

Our proposed solution has been tested by analyzing both malicious and benign applications collected from different websites. The technique used is shown to be an effective means of detecting malware and alerting users about detection of malware, which suggests that it has the capability to stop the spread of the attack since once the user is aware of the malicious application he can take measures by uninstalling the application. Experimental results show that the proposed solution has detection rate of 96.73% in RandomForest machine learning model which is

used during the final development of our proposed solution as an Android application and low rate of false positive rate(0.01). Performance impact on the Android system can also be ignored which is only 3.7-5.6% CPU overhead, 3-4% of RAM overhead and the battery exhaustion is only 2%.



Chapter 1

1.1 Introduction

Personal Digital Assistants (PDAs), mobile phones and recently smartphones have evolved from simple mobile phones into sophisticated yet compact minicomputers which can connect to a wide spectrum of networks, including the Internet and corporate intranets. Designed as open, programmable, networked devices, smartphones are susceptible to various malware threats such as viruses, Trojan horses, and worms, all of which are well-known from desktop platforms. These devices enable users to access and browse the Internet, receive and send emails, SMSs, and MMSs, connect to other devices for exchanging information/synchronizing, and activate various applications, which make these devices attack targets [1].

A compromised smartphone can inflict severe damages to both users and the cellular service provider. Malware on a smartphone can make the phone partially or fully unusable; cause unwanted billing; steal private information (possibly by Phishing and Social Engineering); or infect the contacts in the phone-book. Possible attack vectors into smartphones include: Cellular networks, Internet connections (via Wi-Fi, GPRS/EDGE or 3G network access); USB/ActiveSync/Docking and other peripherals [1].

The challenges for smartphone security are becoming very similar to those that personal computers encounter and common desktop-security solutions are often being downsized to mobile devices. However, some of the desktop solutions (i.e., antivirus software) are inadequate for use on smartphones as they consume too much CPU and memory and might result in rapid draining of the power source. In addition, most antivirus detection capabilities depend on the existence of an updated malware signature repository, therefore the antivirus users are not protected whenever an attacker spreads previously unencountered malware. Since the response time of antivirus vendors may vary between several hours to several days to identify the new malware, generate a signature, and update their clients‘ signature database, hackers have a substantial window of opportunity. Some malware instances may target a specific and relatively small number of mobile devices (e.g., to extract confidential information or track owner‘s location) and will therefore take quite a time till they are discovered.....



___________________________________________________________________________
This is a General Thesis for both Undergraduate & Postgraduate Studies. The complete research material plus questionnaire and references can be obtained at an affordable price of N3,000 within Nigerian or its equivalent in other currencies.


INSTRUCTION ON HOW TO GET THE COMPLETE PROJECT MATERIAL

Kindly pay/transfer a total sum of N3,000 into any of our Bank Accounts listed below:
·         Diamond Bank Account:
A/C Name:      Haastrup Francis
A/C No.:         0096144450

·         GTBank Account:
A/C Name:      Haastrup Francis
A/C No.:         0029938679
After payment, send your desired Project Topic, Depositor’s Name, and your Active E-Mail Address to which the material would be sent for downloading (you can request for a downloading link if you don’t have an active email address) to +2348074521866 or +2348066484965. You can as well give us a direct phone call if you wish to. Projects materials are sent in Microsoft format to your mail within 30 Minutes once payment is confirmed.

--------------------------------------------------------
N/B:    By ordering for our material means you have read and accepted our Terms and Conditions


Terms of Use: This is an academic paper. Students should NOT copy our materials word to word, as we DO NOT encourage Plagiarism. Only use as guide in developing your original research work.

Delivery Assurance
We are trustworthy and can never SCAM you. Our success story is based on the love and fear for God plus constant referrals from our clients who have benefited from our site. We deliver project materials to your Email address within 15-30 Minutes depending on how fast your payment is acknowledged by us.

Quality Assurance
All research projects, Research Term Papers and Essays on this site are well researched, supervised and approved by lecturers who are intellectuals in their various fields of study.


Share:

Search for your topic here

See full list of Project Topics under your Department Here!

Featured Post

Article: How to Write a Research Proposal

Most students and beginning researchers do not fully understand what a research proposal means, nor do they understand ...

Popular Posts