Malware detection on Android platforms

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

Mobile malware have been spreading rapidly over the last couple of years. Most of the attackers target the most popular mobile platform: the Android. The platform is suitable for attackers because of it's open-source nature and ease of development. We have seen a lot of different solutions to detect unknown malware by means of Android emulator, however, the newest samples are able to detect this runtime environment. Making the emulator transparent is difficult enough, as the emulation can always be detected by external timing sources. An application with known detection techniques can simply scan through the device to pinpoint malicious behavior patterns. I am going to integrate two different features to detect such rouge applications: an integrity checker and a permission-based classificator. I use the former to detect system partition modifications. As this system partition has read-only permissions in normal circumstances, only a malicious application with root privileges can commit any changes on it. Considering the permission based classificator, I use machine learning techniques to classify the application into two separate categories. These categories attribute to the clean and the malicious classes. If my application detects malicious behavior, it notifies the corresponding user. The application runs continuously as a background process protecting the user from unknown attacks.


Please sign in to download the files of this thesis.