Adelaide Research & Scholarship
Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/135572
| Type: | Thesis |
| Title: | Dissecting Malicious Behaviours of Mobile Applications |
| Author: | Wang, Wei |
| Issue Date: | 2022 |
| School/Discipline: | School of Computer Science |
| Abstract: | This thesis dissects the behaviours of malicious software and unveils the internal mechanism of evading the detection by malware detectors. With the popularity of smartphones, malicious software has been one of the most severe risks to the public. Therefore, mobile security has been a critical and hot topic in security research. Various malware detection and antivirus methodologies have been proposed to defend the rapid evaluation and variation. These malware variants can camouflage themselves with complicated techniques, such as obfuscation and feature perturbation, to evade the detection by antivirus products. Machine learning-based malware detection techniques are introduced into these products to address this problem. Machine learning-based malware detectors leverage features extracted from malicious and benign software to train detection models to identify malware and its variants effectively. In this thesis, I will first conduct a literature review of state-of-the-art malware detection techniques to unveil how these techniques contribute to anti-malware research. The literature review covers state-of-the-art methodologies, including software static and dynamic analysis, malware detection and machine learning. Then, an explainability-guided measurement approach is proposed to measure malware detectors’ functionalities and guide adversarial sample generation. In this approach, we introduce a novel measurement concept, Accrued Malicious Magnitude (AMM) to identify which malware features should be manipulated to maximize the likelihood of evading detection. The AMM is defined as the product of the magnitude of SHAP values in each feature and the number of samples that have malicious-oriented values in the corresponding feature. Compared with SHAP values representing features’ importance to the prediction results, AMM values reflect how much the specific features can contribute to flipping the prediction result. Finally, I will conclude the thesis and discuss the future work. |
| Advisor: | Wagner, Markus Xue, Minhui |
| Dissertation Note: | Thesis (MPhil) -- University of Adelaide, School of Computer Science, 2022 |
| Keywords: | Mobile applications Malicious behaviours |
| Provenance: | This electronic version is made publicly available by the University of Adelaide in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the owner of any included third party copyright material you wish to be removed from this electronic version, please complete the take down form located at: http://www.adelaide.edu.au/legals |
| Appears in Collections: | Research Theses |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| Wang2022_MPhil.pdf | 3.04 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.