Files
Dissertation -Akshay Mathur (revised).pdf (17.33 MB)
Building Android Malware Detection Architectures using Machine Learning
Author Info
Mathur, Akshay
ORCID® Identifier
http://orcid.org/0000-0002-6460-006X
Permalink: http://rave.ohiolink.edu/etdc/view?acc_num=toledo1671195443020375
Abstract Details
Year and Degree
2022, Doctor of Philosophy, University of Toledo, Engineering.
Abstract
The rapid growth of Android and its worldwide popularity in the smartphone market have made it an easy and accessible target for malware. In the past years, the Android operating system (AOS) has been updated several times to fix various vulnerabilities and to provide new and improved features to its users. Unfortunately, malware apps are also upgraded and made to adapt to this evolution. The ever-increasing number of native AOS permissions and developers' ability to create custom permissions provide plenty of options to gain control over devices and private data. Popular previous works on malware detection used apps collected during 2010-2012 to propose malware detection and classification methods. A majority of permissions in the datasets used in said works are not as widely used or do not exist anymore in modern apps. Therefore, newly created permissions could be of great importance in detecting current malware. Moreover, several novice smartphone users can easily be tricked into downloading apps from third-party app stores or websites. Several users visit such app stores to download paid apps for free. This poses a threat to them, as some of these apps could be laced with malicious code capable of harming the device or the user's privacy. Attackers target small websites by posting links to their malicious apps, or target their users through ads where they find a decent number of daily visitors. One of the key reasons why attackers are successful in stealing data and infecting devices with malware is the lack of knowledge about the presence of malicious apps all over the internet. People cannot be prevented from accessing such websites, but they can be educated and informed about the use of apps, what permissions certain apps request, and how those permissions can prove crucial in preventing loss of privacy or even a malware attack.
Users interact with apps to accomplish a certain task. To provide the correct response to the user, the app interacts with the AOS kernel and, in most instances, sends or receives data over the internet. Apps execute several processes in the background and send hundreds of packets over the network to execute a task as simple as setting an alarm. Many apps run in the background even when the user is not interacting with them. Therefore, an app could be requesting all the right permissions that experienced users may feel are justified for the app, but its background processes, and the data it sends to and receives from the internet, are hidden from the user. Malware apps take advantage of this, and may leak private user information without the user's knowledge. Hence, there arises a need to not only educate users about the utility of permissions, but also warn the user about any potential malware present on their devices.
To this effect, this research presents two novel malware detection frameworks for Android: NATICUSdroid and DAMPENS. NATICUSdroid classifies benign and malware apps using statistically selected native and custom Android permissions as features for various machine learning (ML) classifiers. This model is deployed and tested on an Android app and web app called Permission-Educator, which can not only classify apps as benign or malicious, but also give details about the utility of permissions used by the app in real time. We then went a step ahead to create DAMPENS, which uses statistically selected features from network traffic and system calls invoked by apps, and fuses them with NATICUSdroid to create a more robust malware detection model with minimal false positives.
Committee
Ahmad Javaid (Committee Chair)
Mohammad Niamat (Committee Member)
Quamar Niyaz (Committee Member)
Weiqing Sun (Committee Member)
Vijay Devabhaktuni (Committee Member)
Junghwan Kim (Committee Member)
Pages
126 p.
Subject Headings
Computer Science; Technology
Keywords
Android Security, Malware Detection, Machine Learning, Cybersecurity
Recommended Citations
Citations
APA Style (7th edition): Mathur, A. (2022). Building Android Malware Detection Architectures using Machine Learning [Doctoral dissertation, University of Toledo]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1671195443020375
MLA Style (8th edition): Mathur, Akshay. Building Android Malware Detection Architectures using Machine Learning. 2022. University of Toledo, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=toledo1671195443020375.
Chicago Manual of Style (17th edition): Mathur, Akshay. "Building Android Malware Detection Architectures using Machine Learning." Doctoral dissertation, University of Toledo, 2022. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1671195443020375
Document number: toledo1671195443020375
Download Count: 23
Copyright Info
© 2022, all rights reserved.
This open access ETD is published by University of Toledo and OhioLINK.