A malware risk analysis and detection system for mobile devices using permission-based features / Mohd Faizal Ab Razak

Mohd Faizal, Ab Razak (2018) A malware risk analysis and detection system for mobile devices using permission-based features / Mohd Faizal Ab Razak. PhD thesis, University of Malaya.


    Abstract

    In recent years, the amount of malware targeting Android users has increased dramatically. Among the many mobile operating systems, Android is the one most targeted by malware. To detect malware, which causes immense chaos and problems for mobile device users, Android mobile applications need to be analysed. Two types of malware analysis are available, namely static analysis and dynamic analysis. Static analysis examines the whole code of an application thoroughly, while dynamic analysis identifies malware applications by monitoring their behaviour. Although both types of analysis have been performed with some level of success, additional processes are needed to improve the malware detection system, because current technologies indicate that malware attackers find novel ways of avoiding detection while causing harm. This thesis aims to propose an efficient malware detection system which uses the machine learning approach and the risk analysis approach to analyse Android applications. The study focusses in particular on permission features, which are able to disclose the sensitive information held on Android mobile devices. It uses data samples from Drebin, comprising 5,560 applications from 179 different malware families, and data samples from Androzoo, comprising 5,000 benign applications. The study also proposes a novel quantitative security method for evaluating the risk of malicious and benign applications based on Android permissions. The risk analysis helps users to understand the risk level of the applications. It also improves user attention by giving responses to the users regarding permissions that carry high risk levels. More specifically, this study performs four experiments to validate the proposed system for use. In particular, it introduces EZADroid for evaluating and zoning Android applications, which applies the Analytic Hierarchy Process (AHP) as a decision factor to calculate the risk values and assesses the prediction performance through True Positive Rate (TPR), False Positive Rate (FPR), accuracy, f-measure and precision. Finally, a website was established to validate the prediction performance with the machine learning approach, measuring its efficiency and effectiveness. The outstanding results imply that the permission features are capable of classifying malware applications.

    Item Type: Thesis (PhD)
    Additional Information: Thesis (PhD) – Faculty of Computer Science & Information Technology, University of Malaya, 2018.
    Uncontrolled Keywords: Machine learning; Risk analysis; Android; Static analysis; Features selection
    Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
    Divisions: Faculty of Computer Science & Information Technology
    Depositing User: Mr Mohd Safri Tahir
    Date Deposited: 11 Mar 2021 02:29
    Last Modified: 11 Mar 2021 02:29
    URI: http://studentsrepo.um.edu.my/id/eprint/12004
