Android Application Vulnerability Detection and Mitigation using hybrid methods - دانشکده فنی و مهندسی
Android Application Vulnerability Detection and Mitigation using hybrid methods
نوع: Type: thesis
مقطع: Segment: masters
عنوان: Title: Android Application Vulnerability Detection and Mitigation using hybrid methods
ارائه دهنده: Provider: Naser Saeidi Koosha
اساتید راهنما: Supervisors: Dr.reza mohammadi - Dr.mohammad Nasiri
اساتید مشاور: Advisory Professors:
اساتید ممتحن یا داور: Examining professors or referees: Dr.Mehdi abbasi - Dr.Mehdi sakhaei
زمان و تاریخ ارائه: Time and date of presentation: March 1, 2023
مکان ارائه: Place of presentation: Amphitheatre
چکیده: Abstract: These days, most people are using mobile phones and applications installed on the Android operating system. Hence, information stored in mobile phones is attractive to hackers. This issue causes many attacks by hackers towards Android applications. Most of these attacks occur by exploiting application vulnerabilities. Every year, millions of applications enter the market, if they do not have sufficient security, they endanger the security of users' information. To prevent leakage of user information, it is necessary to know and discover the vulnerability of Android applications. Three methods static, dynamic and machine learning are used to discover vulnerabilities. In this paper, all three methods are used on the Androsec database with 1179 applications. In fact, a hybrid solution to extract the degree of vulnerability of the application has been investigated. First, dynamic analysis is performed with automatic code generation. Automated code is generated and executed by the appium program. At this stage, the penetration test is performed with attacks from the Drozer program to the target program. Then static analysis is done with different machine learning algorithms. Eight important features are used for training and testing the machine learning model. The comparison results show that random forest algorithms in the static method have 99% accuracy due to its high speed in detecting applications with low vulnerability. The support vector algorithm and logistic regression are ranked next in detecting applications with low accuracy vulnerability with 87% and 74%, respectively
فایل: ّFile: Download فایل