Malware detection in smart phones based on graph invariants
Material type: Text
Dissertation note: Master of Science in Computer Science and Information security 2013-2015 INT
Summary: As new malware appears at an increasingly alarming rate, the need for automated techniques for identifying malicious behavior is a critical problem and, at the same time, a domain with wide scope. Malware for smartphones has skyrocketed in recent years, particularly on the Android platform. Contemporary malware makes extensive use of techniques such as packing, code obfuscation, polymorphism, and metamorphism to evade signature-based detection. Traditional signature-based detection struggles to keep up with the latest or previously unknown malware. Behavior-based detection models are being investigated as a new methodology to defeat malware. This approach typically relies on system call sequences or graphs to model a malicious specification or pattern. In this project we try to capitalize on a graph-theoretic approach to analyzing application behavior as a means of detecting malware on the Android platform.
The sharp increase in the number of smartphones on the market, with the Android platform poised to become a market leader, makes malware detection on this platform an urgent issue. This work proposes a method for detecting malware by collecting both benign and malicious applications from the research market and then performing a series of experiments on these applications to construct system call dependency graphs. These graphs are built from the sequence of communication between system calls, which in turn is obtained by running the binary executable in a virtual device. The results obtained by observing and comparing these system call dependency graphs serve as a profile for detecting upcoming malware. These observations are derived purely from graph invariants, following the graph-theoretic approach. We thus introduce a new approach that is experimentally proven and has the potential to discover new malware, because new malware is constructed by adding new behaviors to existing malware. This work introduces a much more advanced approach for detecting malware on Android phones with greater clarity. Using insights from this approach, a new naïve behavior-based malware detection scheme can be built that could complement existing detection schemes.
| Item type | Current library | Call number | Status | Date due | Barcode |
|---|---|---|---|---|---|
| Project Reports | Kerala University of Digital Sciences, Innovation and Technology Knowledge Centre | | Not for loan | | R-733 |
Master of Science in Computer Science and Information security 2013-2015 INT Tony Thomas