EPS POLYTECHNIC SCHOOL - Graduate Hall
Information about Guillermo Suarez-Tangil can be found here
Smart devices equipped with powerful sensing, computing and networking capabilities have proliferated lately, ranging from popular smartphones and tablets to Internet appliances, smart TVs, and others that will soon appear (e.g., watches, glasses, and clothes). One key feature of such devices is their ability to incorporate third-party apps from a variety of markets. This raises serious security and privacy issues for users and infrastructure operators, particularly through software of malicious (or dubious) nature that can easily gain access to the services provided by the device and collect sensory data and personal information. Malware in current smart devices (mostly smartphones and tablets) has rocketed in the last few years, supported by sophisticated techniques (e.g., advanced obfuscation and targeted infection and activation engines) purposely designed to overcome the security architectures currently in use by such devices. This phenomenon is known as the proliferation of smart malware. Even though important advances have been made in malware analysis and detection for traditional personal computers during the last decades, adopting and adapting those techniques to smart devices is a challenging problem. For example, power consumption is a major constraint that makes it unaffordable to run traditional detection engines on the device, while externalized (i.e., cloud-based) techniques raise many privacy concerns. This Thesis examines the problem of smart malware in such devices, aiming at designing and developing new approaches to assist security analysts and end users in analyzing the security nature of apps.

We first present a comprehensive analysis of how malware has evolved over the last years, as well as recent progress made to analyze and detect malware. Additionally, we compile the most cutting-edge open source tools, and we design a versatile and multipurpose research laboratory for smart malware analysis and detection. Second, we propose a number of methods and techniques aimed at better analyzing smart malware in scenarios with a constant and large stream of apps that require security inspection. More precisely, we introduce Dendroid, an effective system based on text mining and information retrieval techniques. Dendroid uses static analysis to measure the similarity between malware samples, which is then used to automatically classify them into families with remarkable accuracy. Then, we present Alterdroid, a novel dynamic analysis technique for automatically detecting hidden or obfuscated malware functionality. Alterdroid introduces the notion of differential fault analysis for effectively mining obfuscated malware components distributed as parts of an app package. Next, we present an evaluation of the power-consumption trade-offs among different strategies for off-loading, or not, certain security tasks to the cloud. We develop a system for testing several functional tasks and metering their power consumption. Based on the results obtained in this analysis, we then propose a cloud-based system, called Targetdroid, that addresses the problem of detecting targeted malware by relying on stochastic models of usage and context events derived from real user traces. Based on these models, we build an efficient automatic testing system capable of triggering targeted malware. Finally, based on the conclusions extracted from this Thesis, we propose a number of open research problems and future directions where there is room for research.