Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


Soham_Kelkar_Thesis.pdf (569.96 KB)

ETD Abstract Container

Abstract Header

Detecting Information Leakage in Android Malware Using Static Taint Analysis

Kelkar, Soham P.
http://rave.ohiolink.edu/etdc/view?acc_num=wright1514202750763563

Abstract Details

2017, Master of Science in Cyber Security (M.S.C.S.), Wright State University, Computer Science.
According to Google, Android now runs on 1.4 billion devices. The growing popularity has attracted attackers to use Android as a platform to conduct malicious activities. To achieve these malicious activities some attacker choose to develop malicious Apps to steal information from the Android users. As the modern day smartphones process, a lot of sensitive information, information security, and privacy becoming a potential target for the attacker. The malicious Apps steal information from the infected phone and send this information to the attacker-controlled URLs using various Android sink functions. Therefore, it necessary to protect data as it can prove detrimental if sensitive data of the user gets leaked to the attacker. In this thesis research, we first discuss our static taint analysis framework used to track sensitive information flow from source to sink. We then study the relationship between the leaked data and URLs involved in the information leakage. The framework was tested on more than 2000 malicious samples to determine whether the samples leak information and the external URLs participating in the information leakage. The result shows that 30 percent of malware samples leak 24 unique Android sensitive information to around 330 suspicious URLs. We try to derive relations between the leaked data and the suspicious URLs to gain more intelligence on information security and privacy threat from information leaking malware samples. Finally, we conclude our research by discussing some various information leakage scenarios other than suspicious URLs. Our study raises awareness in both network security and information security domains where programmers fail to follow secure coding practices.
Junjie Zhang, Ph.D. (Advisor)
Adam Bryant, Ph.D. (Committee Member)
Yong Pei, Ph.D. (Committee Member)
74 p.
Computer Engineering; Computer Science; Engineering
Android malware; Android taint analysis; Android static code analysis; Android malware information leakage;

Recommended Citations

Citations

  • Kelkar, S. P. (2017). Detecting Information Leakage in Android Malware Using Static Taint Analysis [Master's thesis, Wright State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=wright1514202750763563

    APA Style (7th edition)

  • Kelkar, Soham. Detecting Information Leakage in Android Malware Using Static Taint Analysis. 2017. Wright State University, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=wright1514202750763563.

    MLA Style (8th edition)

  • Kelkar, Soham. "Detecting Information Leakage in Android Malware Using Static Taint Analysis." Master's thesis, Wright State University, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=wright1514202750763563

    Chicago Manual of Style (17th edition)

wright1514202750763563
1,761
© 2017, all rights reserved.
This open access ETD is published by Wright State University and OhioLINK.