Cyber Forensics Intelligence Center
Permanent URI for this collectionhttps://hdl.handle.net/20.500.11875/2423
Browse
Browsing Cyber Forensics Intelligence Center by Subject "android"
Now showing 1 - 3 of 3
- Results Per Page
- Sort Options
Item Detecting Repackaged Android Applications Using Perceptual Hashing(Proceedings of the 53rd Hawaii International Conference on System Sciences, 2020-01) Nguyen, Thanh; McDonald, J. Todd; Glisson, William Bradley; Andel, Todd R.The last decade has shown a steady rate of Android device dominance in market share and the emergence of hundreds of thousands of apps available to the public. Because of the ease of reverse engineering Android applications, repackaged malicious apps that clone existing code have become a severe problem in the marketplace. This research proposes a novel repackaged detection system based on perceptual hashes of vetted Android apps and their associated dynamic user interface (UI) behavior. Results show that an average hash approach produces 88% accuracy (indicating low false negative and false positive rates) in a sample set of 4878 Android apps, including 2151 repackaged apps. The approach is the first dynamic method proposed in the research community using image-based hashing techniques with reasonable performance to other known dynamic approaches and the possibility for practical implementation at scale for new applications entering the Android market.Item Exploitation and Detection of a Malicious Mobile Application(Proceedings of the 50th Hawaii International Conference on System Sciences, 2017-01) Nguyen, Thanh; McDonald, J. Todd; Glisson, William BradleyMobile devices are increasingly being embraced by both organizations and individuals in today’s society. Specifically, Android devices have been the prominent mobile device OS for several years. This continued amalgamation creates an environment that is an attractive attack target. The heightened integration of these devices prompts an investigation into the viability of maintaining non-compromised devices. Hence, this research presents a preliminary investigation into the effectiveness of current commercial anti-virus, static code analysis and dynamic code analysis engines in detecting unknown repackaged malware piggybacking on popular applications with excessive permissions. The contribution of this paper is two-fold. First, it provides an initial assessment of the effectiveness of anti-virus and analysis tools in detecting malicious applications and behavior in Android devices. Secondly, it provides process for inserting code injection attacks to stimulate a zero-day repackaged malware that can be used in future research efforts.Item Machine Learning-Based Android Malware Detection Using Manifest Permissions(Proceedings of the 54th Hawaii International Conference on System Sciences, 2021-01-05) Herron, Nathan; Glisson, William Bradley; McDonald, J. Todd; Benton, Ryan K.The Android operating system is currently the most prevalent mobile device operating system holding roughly 54 percent of the total global market share. Due to Android’s substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy.