Android Application Install-time Permission Validation and Run-time Malicious Pattern Detection
| dc.contributor.author | Ma, Zhongmin | en |
| dc.contributor.committeechair | Clancy, Thomas Charles III | en |
| dc.contributor.committeemember | Silva, Luiz A. | en |
| dc.contributor.committeemember | Lou, Wenjing | en |
| dc.contributor.department | Electrical and Computer Engineering | en |
| dc.date.accessioned | 2014-02-01T09:00:11Z | en |
| dc.date.available | 2014-02-01T09:00:11Z | en |
| dc.date.issued | 2014-01-31 | en |
| dc.description.abstract | The open source structure of Android applications introduces security vulnerabilities that can be readily exploited by third-party applications. We address certain vulnerabilities at both installation and runtime using machine learning. Effective classification techniques with neural networks can be used to verify the application categories on installation. We devise a novel application category verification methodology that involves machine learning the application permissions and estimating the likelihoods of different categories. To detect malicious patterns in runtime, we present a Hidden Markov Model (HMM) method to analyze the activity usage by tracking Intent log information. After applying our technique to nearly 1,700 popular third-party Android applications and malware, we report that a major portion of the category declarations were judged correctly. This demonstrates the effectiveness of neural network decision engines in validating Android application categories. The approach, using HMM to analyze the Intent log for the detection of malicious runtime behavior, is new. The test results show promise with a limited input dataset (69.7% accuracy). To improve the performance, further work will be carried out to: increase the dataset size by adding game applications, to optimize Baum-Welch algorithm parameters, and to balance the size of the Intent sequence. To better emulate the participant's usage, some popular applications can be selected in advance, and the remainder can be randomly chosen. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:1860 | en |
| dc.identifier.uri | http://hdl.handle.net/10919/25238 | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | Android | en |
| dc.subject | Security | en |
| dc.subject | Android Permission Label | en |
| dc.subject | Machine Learning Neural Network | en |
| dc.subject | Action | en |
| dc.subject | Intent | en |
| dc.subject | Intent Log | en |
| dc.subject | Hidden Markov Model | en |
| dc.title | Android Application Install-time Permission Validation and Run-time Malicious Pattern Detection | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer Engineering | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1