dc.contributor.author | Faghihi, Farnood | en |
dc.date.accessioned | 2022-05-16T19:57:01Z | |
dc.date.available | 2022-05-16T19:57:01Z | |
dc.identifier.uri | http://hdl.handle.net/1974/30131 | |
dc.description.abstract | As the number of discovered mobile malicious programs increases every year, the pieces of malware are becoming more advanced, and attacks are becoming more complex. Hence, it is critical to enhance mobile malware mitigation methods and develop new tools and techniques to combat state-of-the-art mobile malware. The uniqueness of smartphones in terms of hardware, software, and energy constraints poses new challenges to the traditional malware detection methods and renders many techniques ineffective or inefficient for mobile platforms. This thesis offers techniques and tools that can be used in collaboration to mitigate mobile malware, making application marketplaces and user devices more secure. The thesis presents RansomCare, a mobile crypto-ransomware detection and mitigation method to protect mobile user data. RansomCare detects and neutralizes crypto-ransomware on smartphones in real-time, employing dynamic and lightweight static analysis. In case of a crypto-ransomware attack, it recovers lost files while preserving data privacy. We also investigate the threat of advanced mobile crypto-ransomware, which is aware of the existing methods and mimics the data manipulation patterns of legitimate applications. By implementing an Android application called Maskware, we demonstrate that it can evade common data-centric metrics such as file entropy, structure, and data transformation. A solution is proposed to detect and neutralize Maskware. The thesis also offers some solutions to mitigate the spread of mobile malware. We present CamoDroid, an open-source and extendable dynamic analysis framework resilient against the detection by evasive Android malware. CamoDroid cloaks the existence of the analysis environment and provides a broad view of an application's behavior by monitoring and logging the dangerous API calls executed by the application. We provide an Android Interpretable Malware detection method (AIM). AIM is based on a novel application class modeling and utilizes intelligent hybrid analysis and a neural network classifier. AIM can distinguish malware from benign applications and identifies malicious parts of malware applications utilizing the attention mechanism. The evaluation results show the effectiveness of the proposed methods in mitigating mobile malware. | en |
dc.language.iso | eng | en |
dc.relation.ispartofseries | Canadian theses | en |
dc.rights | Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada | en |
dc.rights | ProQuest PhD and Master's Theses International Dissemination Agreement | en |
dc.rights | Intellectual Property Guidelines at Queen's University | en |
dc.rights | Copying and Preserving Your Thesis | en |
dc.rights | This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. | en |
dc.subject | Mobile Malware Detection | en |
dc.subject | Smartphone Security | en |
dc.title | Mobile Malware Detection and Mitigation | en |
dc.type | thesis | en |
dc.description.degree | PhD | en |
dc.contributor.supervisor | Zulkernine, Mohammad | |
dc.contributor.department | Computing | en |
dc.degree.grantor | Queen's University at Kingston | en |