Please use this identifier to cite or link to this item: http://dspace.dtu.ac.in:8080/jspui/handle/repository/19598
Title: SOME SECURITY INVESTIGATIONS ON SMARTPHONE PLATFORM
Authors: KUMAR, SUMIT
Keywords: SECURITY INVESTIGATIONS
SMARTPHONE PLATFORM
ANDROID PHONES
MALAPPS
Issue Date: May-2022
Series/Report no.: TD-6092
Abstract: Security investigation of the smartphone platform is an interesting field of mobile security. Amongst the different smartphone platforms available in the smartphone ecosystem, Android is the most widespread because of its open architecture. Unfortunately, Android-based smartphones have progressively turned into the key target of attackers, making security investigations urgent. Vulnerabilities in the Android smartphone platform occur due to numerous weaknesses inherent in the smartphone's software, hardware, OS, firmware, and applications. Attackers exploit these weaknesses to extract sensitive information by mounting a plethora of attacks. The rising popularity of apps has enticed attackers to design malicious apps (malapps) to extract critical information such as banking credentials, social networking passwords, official documents, contacts, etc. These malapps are evolving and using novel techniques to target smartphones, and they are designed to evade detection and mitigation techniques. Traditional detection tools rely mostly on signature-oriented approaches and hence are not able to recognise sophisticated malapps. Thus, there is a need to design techniques for improved malapp identification and classification. There is also a dearth of adequate research scrutinising the threats posed by malapps. The main aim of this study is to address these issues and offer powerful solutions. Many solutions have been proposed based on static, dynamic, hybrid, and traffic analysis approaches. But designing and developing a robust framework by fusing the various static, dynamic, and traffic features is laborious and demands further research. Therefore, it is indispensable to develop solutions encompassing both feature-level and score-level fusion that can handle the challenges in the detection of various malicious applications.
Feature fusion comprises an optimal fusion of various static, dynamic, and traffic features, resulting in a unified feature. This unified feature is fed to an ensemble of parallel classifiers, and their respective scores are optimally fused. The objective of this thesis is to suggest robust static, hybrid, and traffic-based frameworks to detect the vulnerabilities in the smartphone platform. To address the issues in static analysis, a smartphone security analysis technique based on the amalgamation of multiple static features, followed by fusion of the scores of three classifiers connected in parallel, has been proposed. The performance of the proposed static analysis technique is experimentally validated using chimeric databases. But static analysis approaches fail to detect the run-time behaviours of malapps. To address this issue, an optimal unification of static and dynamic features for smartphone security analysis has been proposed. The proposed solution exploits both static and dynamic features to generate a highly distinct unified feature vector using graph-based methods. Further, the unified feature is subjected to a fuzzy-based classification model to distinguish benign and malicious applications. The suggested framework is extensively validated experimentally through both qualitative and quantitative analysis, and the results are compared with existing solutions. Performance evaluation over benchmarked datasets revealed that the suggested solution outperforms state-of-the-art methods. Some malicious applications are detected solely on traffic-based characteristics. There is a multitude of traffic features that can be exploited for the detection of malapps. However, the fusion of complementary traffic features has not been exploited to date for the detection of malapps.
To address the traffic analysis problem, a novel traffic-feature-based analysis framework has been proposed, wherein multiple traffic features are optimally combined to generate a unified feature for the detection of unintended functionality. The generated unified feature is then given to classifiers to obtain the corresponding classifier scores. A score fusion method is further employed to get the final score for the detection of unintended functionality arising out of the malicious application. When evaluated on the standard datasets, the suggested framework outperforms contemporary techniques in robustness. Thus, by developing these novel techniques, all major issues regarding smartphone platform security analysis have been addressed. This thesis incorporates the developed techniques and their performance evaluation, along with future directions.
URI: http://dspace.dtu.ac.in:8080/jspui/handle/repository/19598
Appears in Collections: Ph.D. Electronics & Communication Engineering

Files in This Item:
File: SUMIT KUMAR_PHD.pdf
Size: 2.84 MB
Format: Adobe PDF