We are looking for an interested student who wants to write her/his bachelor-thesis at the Secure Software Engineering Group about Android Security.
Title: Evaluating the Effectiveness of Android Malware Detection Approaches
Android is the world’s most popular mobile platform hosting various applications for almost every need in different app stores. This makes Android applications a valuable target for attackers. Indeed, there are many different Android malware families that try to financially harm the victim. This is applied by different techniques, such as sending premium-messages or stealing banking credentials. Since the wish of malware authors is to remain undiscovered as long as possible, different obfuscation techniques are applied that makes it very hard to automatically detect malicious applications.
At the same time, many thousand applications get uploaded to app stores or sent to Anti-Virus companies every day, all of which need to be analyzed for malicious behavior. A manual analysis process is infeasible, fostering the need for precise and efficient automatic malware detection approaches. Researchers have developed many different techniques, such as machine-learning approaches or behavior analysis, to try to automatically argue about the maliciousness of an application, but an important question is how to evaluate those approaches. A representative evaluation requires experiments on realistic malware samples.
The task of the student is to (1) create a benchmark-suite with state-of-the-art malware samples including obfuscated or packed malware (2) evaluate different existing detection approaches on that benchmark-suite (3) develop proposals for possible improvements in the detection approaches.
Knowledge about Android is required (implementation of own Android apps would be beneficial), as is the interest in Android security. Reverse engineering skills, especially in the context of Android applications are beneficial.
Thesis can be written in german or english.
Are you interested? Please contact Siegfried Rasthofer at email@example.com / +49 6151 16-75425