Automatic rule-extraction for malware detection on mobile devices
Malware causes damage not only to personal computers but also to contemporary mobile devices. With growing performance and storage capabilities, users of mobile devices tend to store more sensitive information than before. In addition, mobile platforms let installed applications use premium-rate telecom services to extend the functionality of the device. Besides certified application-distribution services, users can download applications from uncertified developers. The number of applications has been growing exponentially each year, and part of them are distributed through third-party markets. Taking all these aspects into account, mobile devices have become attractive targets for attackers and their malicious software.

Mobile platforms restrict access to information and the execution of applications. In order to execute certain functionality, an application must be granted a set of permissions by the user. Another protection mechanism is commercial Anti-Virus (AV) software that uses so-called signatures. These signatures define the indicators used to recognise malicious applications. The detection process of such software can be as simple as comparing file names or as complex as checking system artifacts. Sometimes signatures can be composed only as a result of advanced reverse engineering of the malware. Despite the existing protection solutions, detecting malware automatically in a dynamic environment remains a challenge, because the detection process involves evaluating the different factors that accompany malware execution.

This study focuses on deriving fuzzy rules for malware detection automatically. The challenges of malware detection are many-fold, and therefore this study concentrates on mobile devices. We identify precise artifacts that mobile malware leaves during execution, and a virtualized environment is used to study dynamic malware behaviour.
In addition, an analysis of static malware attributes is performed. The goal is not only to derive malware detection rules automatically, but also to give them a linguistic meaning that is understandable by humans. The thesis establishes a method in which a combination of Artificial Neural Networks (ANN) and Fuzzy Logic (FL) is used for rule extraction. As a result, the rules are human-explainable, which allows forensic analysts to use them in a court of law. Finally, the thesis provides justification for how the derived rules can be applied in the automated analysis of large numbers of mobile malware samples.
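To make concrete what a human-readable fuzzy rule over malware artifacts looks like and how a set of such rules yields a verdict, the following is an added illustration, not code from the thesis and not its neuro-fuzzy extraction method: the ANN stage that would learn the membership functions and rules from data is not shown, and the rules here are written by hand. The input variables (sms_sent, cpu_pct, risky_perms), their membership-function breakpoints, the rule base and the verdict thresholds are all hypothetical assumptions; the samples are constructed, not measurements. The block evaluates the rules Mamdani-style (AND as min, implication as clipping, aggregation as max, centroid defuzzification) and returns, alongside the crisp score, the linguistic rules that fired and how strongly, which is the explainable output the abstract argues for.

```python
"""Mamdani-style fuzzy rule evaluation over constructed mobile-app artifacts.

Added illustration; not the thesis's own neuro-fuzzy method. The ANN stage that
learns membership functions and rules from data is not shown. The variables,
membership-function breakpoints, rules and thresholds below are hypothetical.
"""
from math import inf


def trap(x, a, b, c, d):
    """Trapezoidal membership: ramps up on (a, b), is 1 on [b, c], ramps down on (c, d).
    Use c = d = inf for an open-ended 'high' set and a = b = 0 for a 'low' set."""
    if b <= x <= c:
        return 1.0
    if x <= a or x >= d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


# Hypothetical input variables: two dynamic sandbox counters and one static attribute.
#   sms_sent    - SMS messages sent during the sandbox run
#   cpu_pct     - mean CPU utilisation of the app during the run
#   risky_perms - number of requested permissions the analyst regards as risky
INPUTS = {
    "sms_sent":    {"low": (0, 0, 1, 3),   "medium": (1, 3, 5, 8),    "high": (5, 8, inf, inf)},
    "cpu_pct":     {"low": (0, 0, 20, 40), "medium": (20, 40, 60, 80), "high": (60, 80, inf, inf)},
    "risky_perms": {"low": (0, 0, 1, 2),   "medium": (1, 2, 4, 6),    "high": (4, 6, inf, inf)},
}
# Output variable: degree of maliciousness on [0, 1].
OUTPUT = {"low": (0, 0, 0.2, 0.4), "medium": (0.3, 0.45, 0.55, 0.7), "high": (0.6, 0.8, inf, inf)}

# Hand-written linguistic rules (hypothetical): (antecedent terms, consequent term).
RULES = [
    ({"sms_sent": "high", "risky_perms": "high"}, "high"),
    ({"risky_perms": "high", "cpu_pct": "high"},  "medium"),
    ({"sms_sent": "medium", "cpu_pct": "high"},   "medium"),
    ({"sms_sent": "low", "risky_perms": "low"},   "low"),
]

GRID = [i / 100 for i in range(101)]  # discretised output domain for defuzzification


def fuzzify(sample):
    """Membership of each observed value in every linguistic term of its variable."""
    return {var: {term: trap(sample[var], *mf) for term, mf in terms.items()}
            for var, terms in INPUTS.items()}


def infer(sample):
    """Mamdani inference: AND = min, implication = clip, aggregation = max, centroid defuzzification.
    Returns (score, fired); fired lists (antecedent, consequent, strength) for rules with strength > 0."""
    memb = fuzzify(sample)
    fired = []
    for ant, cons in RULES:
        strength = min(memb[v][t] for v, t in ant.items())
        if strength > 0:
            fired.append((ant, cons, strength))
    # Aggregated output membership at each grid point: max over the clipped consequents.
    agg = [max((min(s, trap(x, *OUTPUT[c])) for _, c, s in fired), default=0.0) for x in GRID]
    area = sum(agg)
    score = sum(x * m for x, m in zip(GRID, agg)) / area if area else 0.0
    return score, fired


def classify(sample):
    """Crisp verdict plus the human-readable rules that produced it, strongest first."""
    score, fired = infer(sample)
    verdict = "malicious" if score >= 0.6 else "suspicious" if score >= 0.4 else "benign"
    explanation = [
        "IF " + " AND ".join(f"{v} is {t}" for v, t in ant.items())
        + f" THEN maliciousness is {cons} (strength {s:.2f})"
        for ant, cons, s in sorted(fired, key=lambda r: -r[2])
    ]
    return {"verdict": verdict, "score": round(score, 3), "explanation": explanation}


# Constructed samples, not real measurements.
SAMPLES = {
    "sms_trojan": {"sms_sent": 12, "cpu_pct": 70, "risky_perms": 7},
    "miner_like": {"sms_sent": 4,  "cpu_pct": 90, "risky_perms": 3},
    "calculator": {"sms_sent": 0,  "cpu_pct": 10, "risky_perms": 1},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        result = classify(sample)
        print(f"{name}: {result['verdict']} (score {result['score']})")
        for line in result["explanation"]:
            print("   ", line)
```

The explanation list is the part an analyst can read in court: each entry is a rule stated in linguistic terms with the degree to which the observed artifacts satisfied it, rather than an opaque network output. In a learned system the breakpoints in INPUTS and the entries in RULES would come from the training stage; here they are fixed so the inference step can be followed by hand.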