Simple record

dc.contributor.advisor: Zurutuza Ortega, Urko
dc.contributor.advisor: Uribeetxeberria Ezpeleta, Roberto
dc.contributor.author: Somarriba Jarquin, Oscar Manuel
dc.date.accessioned: 2019-12-09T14:59:43Z
dc.date.available: 2019-12-09T14:59:43Z
dc.date.issued: 2019
dc.date.submitted: 2019-07-09
dc.identifier.other: https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=154047 [en]
dc.identifier.uri: https://hdl.handle.net/20.500.11984/1509
dc.description.abstract: The ongoing technological revolution in mobile smart devices fosters their wide use. Since mobile users rely on unofficial or third-party repositories in order to freely install paid applications, many security and privacy issues arise. Thus, as Android phones become very popular and rapidly grow their market share, so does the number of malicious applications targeting them. Yet current mobile malware detection and analysis technologies are very limited and ineffective. Because of the particular traits of mobile devices, such as power consumption constraints that make it unaffordable to run traditional PC detection engines on the device, mobile security faces new challenges, especially in dynamic runtime malware detection. This approach is important because many instructions or infections could happen after an application is installed or executed. On the one hand, recent studies have shown that network-based analysis, where applications are analyzed by observing the network traffic they generate, enables us to detect malicious activities occurring on the smart device. On the other hand, aggressors rely on DNS to provide adjustable and resilient communication between compromised client machines and malicious infrastructure. Having rich DNS traffic information is therefore very important for identifying malevolent behavior, and using DNS for malware detection is a logical step in dynamic analysis because malicious URLs are a common and present danger for cybersecurity. Therefore, the main goal of this thesis is to combine and correlate two approaches: top-down detection, which identifies malware domains using DNS traces at the network level, and bottom-up detection at the device level, which uses dynamic analysis to capture the URLs requested by a number of applications in order to pinpoint the malware.
For malware detection and visualization, we propose a system based on dynamic analysis of API calls. This can help Android malware analysts visually inspect what the application under study does and easily identify its malicious functions. Moreover, we have also developed a framework that automates the dynamic DNS analysis of Android malware: the URLs captured at the smartphone under scrutiny are sent to a remote server, where they are collected and identified within the DNS server records, and the extracted DNS records are mapped into this server in order to classify each domain as either benign or malicious. The classification is done using machine learning. In addition, the malicious URLs found are used to track and pinpoint other infected smart devices not currently under monitoring. [en]
dc.format.extent: 125 [en]
dc.language.iso: eng [en]
dc.publisher: Mondragon Unibertsitatea. Goi Eskola Politeknikoa [en]
dc.rights: © Oscar Manuel Somarriba Jarquín [en]
dc.subject: Control devices
dc.subject: Data transmission devices [es]
dc.subject: SDG 8 Decent work and economic growth [es]
dc.subject: SDG 9 Industry, innovation and infrastructure [es]
dc.title: Dynamic monitoring of Android malware behavior: a DNS-based approach [en]
dcterms.accessRights: http://purl.org/coar/access_right/c_abf2 [en]
local.description.degree: Doctoral programme in Mechanical Engineering and Electrical Energy [es]
local.description.responsability: Chair: Dr. Gabriel Maciá Fernández (Universidad de Granada); Member: Dr. Guillermo Suárez de Tangil (Kings College London); Member: Dr. Igor Armendariz Huici (Ikerlan, S. Coop.); Member: Dr. Borja Sanz Urquijo (Universidad de Deusto); Secretary: Dr. Enaiz Ezpeleta (Mondragon Unibertsitatea) [es]
local.identifier.doi: https://doi.org/10.48764/hr43-4x94
local.contributor.otherinstitution: https://ror.org/04njjy449 [es]
local.contributor.otherinstitution: https://ror.org/0220mzb33 [en]
local.contributor.otherinstitution: https://ror.org/03hp1m080 [es]
local.contributor.otherinstitution: https://ror.org/00ne6sr39 [es]
oaire.format.mimetype: application/pdf
oaire.file: $DSPACE\assetstore
oaire.resourceType: http://purl.org/coar/resource_type/c_db06 [en]

