
dc.contributor.author: Barton, Daniel John Trevino [en_US]
dc.date.accessioned: 2016-08-23T08:00:13Z
dc.date.available: 2016-08-23T08:00:13Z
dc.date.issued: 2016-08-22 [en_US]
dc.identifier.other: vt_gsexam:8766 [en_US]
dc.identifier.uri: http://hdl.handle.net/10919/72286
dc.description.abstract: Android malware collusion is a new threat model that occurs when multiple Android apps communicate in order to execute an attack. This threat model threatens all Android users' private information and system resource security. Although recent research has made advances in collusion detection and classification, security analysts still do not have robust tools which allow them to definitively identify colluding Android applications. Specifically, in order to determine whether an alert produced by a tool scanning for Android collusion is a true-positive or a false-positive, the analyst must perform manual analysis of the suspected apps, which is both time-consuming and prone to human error. In this thesis, we present a new approach to definitive Android collusion detection and confirmation by rendering inter-component communications between a set of potentially collusive Android applications. Inter-component communications (abbreviated to ICCs) are a feature of the Android framework that allows components from different applications to communicate with one another. Our approach allows Android security analysts to inspect all ICCs within a set of suspicious Android applications and subsequently identify collusive attacks which utilize ICCs. Furthermore, our approach also visualizes all potentially collusive data-flows within each component within a set of apps. This allows analysts to inspect, step-by-step, the data-flows that are currently used by collusive attacks, or the data-flows that could be used for future collusive attacks. Our tool effectively visualizes the malicious and benign ICCs in sets of proof-of-concept and real-world colluding applications. We conducted a user study which revealed that our approach allows for accurate and efficient identification of true- and false-positive collusive ICCs while still maintaining usability. [en_US]
dc.format.medium: ETD [en_US]
dc.publisher: Virginia Tech [en_US]
dc.rights: This Item is protected by copyright and/or related rights. Some uses of this Item may be deemed fair and permitted by law even without permission from the rights holder(s), or the rights holder(s) may have licensed the work for use under certain conditions. For other uses you need to obtain permission from the rights holder(s). [en_US]
dc.subject: Android Malware [en_US]
dc.subject: Security [en_US]
dc.subject: Visualization [en_US]
dc.subject: App Collusion [en_US]
dc.title: Usable Post-Classification Visualizations for Android Collusion Detection and Inspection [en_US]
dc.type: Thesis [en_US]
dc.contributor.department: Computer Science [en_US]
dc.description.degree: Master of Science [en_US]
thesis.degree.name: Master of Science [en_US]
thesis.degree.level: masters [en_US]
thesis.degree.grantor: Virginia Polytechnic Institute and State University [en_US]
thesis.degree.discipline: Computer Science and Applications [en_US]
dc.contributor.committeechair: Yao, Danfeng [en_US]
dc.contributor.committeemember: North, Christopher L. [en_US]
dc.contributor.committeemember: Tilevich, Eli [en_US]

