Android Application Vulnerability Detection and Mitigation using hybrid methods


Type: Thesis

Level: Master's

Title: Android Application Vulnerability Detection and Mitigation using hybrid methods

Presenter: Naser Saeidi Koosha

Supervisors: Dr. Reza Mohammadi - Dr. Mohammad Nasiri

Advisory professors:

Examining professors or referees: Dr. Mehdi Abbasi - Dr. Mehdi Sakhaei

Time and date of presentation: March 1, 2023

Place of presentation: Amphitheatre

Abstract: These days, most people use mobile phones and applications installed on the Android operating system. Hence, the information stored on mobile phones is attractive to hackers, which leads to many attacks against Android applications. Most of these attacks occur by exploiting application vulnerabilities. Every year, millions of applications enter the market; if they do not have sufficient security, they endanger the security of users' information. To prevent leakage of user information, it is necessary to know and discover the vulnerabilities of Android applications. Three methods are used to discover vulnerabilities: static analysis, dynamic analysis and machine learning. In this paper, all three methods are applied to the Androsec database of 1179 applications; in effect, a hybrid solution for extracting the degree of vulnerability of an application is investigated. First, dynamic analysis is performed with automatic code generation: the automated code is generated and executed by Appium. At this stage, the penetration test is performed with attacks from Drozer against the target application. Then static analysis is done with different machine learning algorithms. Eight important features are used for training and testing the machine learning model. The comparison results show that the random forest algorithm in the static method has 99% accuracy, due to its high speed, in detecting applications with low vulnerability. The support vector algorithm and logistic regression rank next in detecting applications with low vulnerability, with accuracies of 87% and 74%, respectively.
