LIGHTWEIGHT SECURITY AUDITING TOOL FOR ANDROID SMART MOBILE PHONE: DESIGN AND IMPLEMENTATION

TABLE OF CONTENTS
Abstract

Chapter 1 Introduction
1.2       Statement of the problem
1.3       Objectives
1.4       Methodology
1.5       Thesis outline

Chapter 2 Background Information
2.1       Android System Architecture
2.1.1    Linux kernel
2.1.2    Libraries
2.1.3    Android runtime
2.1.4    Application framework
2.1.5    Applications
2.2       Dalvik Virtual Machine
2.2.1    Hardware constraints
2.2.2    Bytecode
2.3       Android applications
2.3.1    Application components
2.3.2    Manifest
2.3.3    Native code
2.3.4    Distribution
2.4       Android Threat
2.4.1    Spyware
2.4.2    Root exploit
2.4.3    Botnet
2.4.4    SMS Trojans
2.4.5    Drive-by-download
2.5       Android Security Overview
2.5.1    Permissions
2.5.2    Sandbox
2.5.3    Application signing
2.5.4    Remote kill switch
2.5.5    File System and User/Group Permissions
2.5.6    Google Bouncer
2.5.7    Anti-malware applications
2.6       Intrusion Detection System
2.6.1    Definition
2.6.2    Detection types

Chapter 3 Related Work
3.1       Background and Surveys

Chapter 4 Design and Implementation
4.1       Design
4.1.1    What to collect
4.1.2    Framework design
4.1.3    Dataset description
4.2       Implementation
4.2.1    Tools used during implementation

Chapter 5   Experimental Result and Evaluation
5.1       Analyzing the requested permission feature
5.2       Analyzing the Intent information
5.3       Analyzing the network behavior of Apps
5.4       Evaluation of Proposed Framework using combined feature set
5.5       Performance overhead analysis

Chapter 6   Conclusions and Recommendations
Bibliography
Appendix

Abstract
Due to the fast growing market in Android smartphone operating systems to date cyber criminals have naturally extended their target towards Google‘s Android mobile operating system. Threat researchers are reporting an alarming increase of detected malware for Android from 2012 to 2013. Static analysis techniques for malware detection are based on signatures of known malicious applications. It cannot detect new malware applications and the attacker will get window of opportunities until the threat databases are updated for the new malware. Malware detection techniques based on dynamic analysis are mostly designed as a cloud based services where the user must submit the application to know whether the application is malware or not.

As a solution to these problems, in this work we design and implement a host based lightweight security auditing tool that suits resource-constrained mobile devices in terms of low storage and computational requirements. Our proposed solution utilizes the open nature of the Android operating system and uses the public APIs provided by the Android SDK to collect features of known-benign and known-malicious applications. The collected features are then provided to machine learning algorithm to develop a baseline classification model. This classification model is then used to classify new or unknown applications either as malware or goodware and if it is malware it alerts the user about the infection.

Our proposed solution has been tested by analyzing both malicious and benign applications collected from different websites. The technique used is shown to be an effective means of detecting malware and alerting users about detection of malware, which suggests that it has the capability to stop the spread of the attack since once the user is aware of the malicious application he can take measures by uninstalling the application. Experimental results show that the proposed solution has detection rate of 96.73% in RandomForest machine learning model which is

used during the final development of our proposed solution as an Android application and low rate offalse positive rate(0.01). Performance impact on the Android system can also be ignored which is only 3.7-5.6% CPU overhead, 3-4% of RAM overhead and the battery exhaustion is only 2%.

Chapter 1
1.1 Introduction
Personal Digital Assistants (PDAs), mobile phones and recently smartphones have evolved from simple mobile phones into sophisticated yet compact minicomputers which can connect to a wide spectrum of networks, including the Internet and corporate intranets. Designed as open, programmable, networked devices, smartphones are susceptible to various malware threats such as viruses, Trojan horses, and worms, all of which are well-known from desktop platforms. These devices enable users to access and browse the Internet, receive and send emails, SMSs, and MMSs, connect to other devices for exchanging information/synchronizing, and activate various applications, which make these devices attack targets [1].

A compromised smartphone can inflict severe damages to both users and the cellular service provider. Malware on a smartphone can make the phone partially or fully unusable; cause unwanted billing; steal private information (possibly by Phishing and Social Engineering); or infect the contacts in the phone-book. Possible attack vectors into smartphones include: Cellular networks, Internet connections (via Wi-Fi, GPRS/EDGE or 3G network access); USB/ActiveSync/Docking and other peripherals [1].

The challenges for smartphone security are becoming very similar to those that personal computers encounter and common desktop-security solutions are often being downsized to mobile devices. However, some of the desktop solutions (i.e., antivirus software) are inadequate for use on smartphones as they consume too much CPU and memory and might result in rapid draining of the power source. In addition, most antivirus detection capabilities depend on the existence of an updated malware signature repository, therefore the antivirus users are not protected whenever an attacker spreads previously unencountered malware. Since the response time of antivirus vendors may vary between several hours to several days to identify the new malware, generate a signature, and update their clients‘ signature database, hackers have a substantial window of opportunity. Some malware instances may target a specific and relatively small number of mobile devices (e.g., to extract confidential information or track owner‘s location) and will therefore take quite a time till they are discovered....

For more Electrical & Computer Engineering Projects click here
================================================================
Item Type: Project Material  |  Attribute: 85 pages  |  Chapters: 1-5
Format: MS Word  |  Price: N3,000  |  Delivery: Within 30Mins.
================================================================

Share:

No comments:

Post a Comment

Select Your Department

Featured Post

Reporting and discussing your findings

This page deals with the central part of the thesis, where you present the data that forms the basis of your investigation, shaped by the...

Followers