TABLE OF CONTENTS
Abstract
Chapter 1 Introduction
1.2 Statement of the problem
1.3 Objectives
1.4 Methodology
1.5 Thesis outline
Chapter 2 Background Information
2.1 Android System Architecture
2.1.1 Linux kernel
2.1.2 Libraries
2.1.3 Android runtime
2.1.4 Application framework
2.1.5 Applications
2.2 Dalvik Virtual Machine
2.2.1 Hardware constraints
2.2.2 Bytecode
2.3 Android applications
2.3.1 Application components
2.3.2 Manifest
2.3.3 Native code
2.3.4 Distribution
2.4 Android Threat
2.4.1 Spyware
2.4.2 Root exploit
2.4.3 Botnet
2.4.4 SMS Trojans
2.4.5 Drive-by-download
2.5 Android Security Overview
2.5.1 Permissions
2.5.2 Sandbox
2.5.3 Application signing
2.5.4 Remote kill switch
2.5.5 File System and User/Group Permissions
2.5.6 Google Bouncer
2.5.7 Anti-malware applications
2.6 Intrusion Detection System
2.6.1 Definition
2.6.2 Detection types
Chapter 3 Related Work
3.1 Background and Surveys
Chapter 4 Design and Implementation
4.1 Design
4.1.1 What to collect
4.1.2 Framework design
4.1.3 Dataset description
4.2 Implementation
4.2.1 Tools used during implementation
Chapter 5 Experimental Result and Evaluation
5.1 Analyzing the requested permission feature
5.2 Analyzing the Intent information
5.3 Analyzing the network behavior of Apps
5.4 Evaluation of Proposed Framework using combined feature set
5.5 Performance overhead analysis
Chapter 6 Conclusions and Recommendations
Bibliography
Appendix
Abstract
Due to the fast growing market in Android smartphone operating systems to date cyber criminals have naturally extended their target towards Google‘s Android mobile operating system. Threat researchers are reporting an alarming increase of detected malware for Android from 2012 to 2013. Static analysis techniques for malware detection are based on signatures of known malicious applications. It cannot detect new malware applications and the attacker will get window of opportunities until the threat databases are updated for the new malware. Malware detection techniques based on dynamic analysis are mostly designed as a cloud based services where the user must submit the application to know whether the application is malware or not.
As a solution to these problems, in this work we design and implement a host based lightweight security auditing tool that suits resource-constrained mobile devices in terms of low storage and computational requirements. Our proposed solution utilizes the open nature of the Android operating system and uses the public APIs provided by the Android SDK to collect features of known-benign and known-malicious applications. The collected features are then provided to machine learning algorithm to develop a baseline classification model. This classification model is then used to classify new or unknown applications either as malware or goodware and if it is malware it alerts the user about the infection.
Our proposed solution has been tested by analyzing both malicious and benign applications collected from different websites. The technique used is shown to be an effective means of detecting malware and alerting users about detection of malware, which suggests that it has the capability to stop the spread of the attack since once the user is aware of the malicious application he can take measures by uninstalling the application. Experimental results show that the proposed solution has detection rate of 96.73% in RandomForest machine learning model which is
Chapter 1
1.1 Introduction
Personal Digital Assistants (PDAs), mobile phones and recently smartphones have evolved from simple mobile phones into sophisticated yet compact minicomputers which can connect to a wide spectrum of networks, including the Internet and corporate intranets. Designed as open, programmable, networked devices, smartphones are susceptible to various malware threats such as viruses, Trojan horses, and worms, all of which are well-known from desktop platforms. These devices enable users to access and browse the Internet, receive and send emails, SMSs, and MMSs, connect to other devices for exchanging information/synchronizing, and activate various applications, which make these devices attack targets [1].
A compromised smartphone can inflict severe damages to both users and the cellular service provider. Malware on a smartphone can make the phone partially or fully unusable; cause unwanted billing; steal private information (possibly by Phishing and Social Engineering); or infect the contacts in the phone-book. Possible attack vectors into smartphones include: Cellular networks, Internet connections (via Wi-Fi, GPRS/EDGE or 3G network access); USB/ActiveSync/Docking and other peripherals [1].
================================================================
Item Type: Project Material | Size: 85 pages | Chapters: 1-5
Format: MS Word | Delivery: Within 30Mins.
================================================================
