دانلود کتاب شناسایی هوشمند بدافزار موبایل

Nowadays, smart phones are widely used for making phone calls, sending mes- sages, storing personal data, browsing the Internet, online banking and more. Because of this, smart phones have become targets for cyber-attacks involving mal- ware. Cyber criminals are targeting smart phones to spread malware in order to steal money and confidential data stored in those phones. Malware applications such as trojan SMS and trojan banker can cause great financial loss to users. Trojan SMS can send SMS messages to premium rate numbers in the background and trojan banker can steal the online banking details of a user without the user’s knowledge. Therefore, it has become very essential to secure smart phones against malware attacks. With the widespread usage of the Android operating system, the number of mal- ware targeting Android smart phones has risen several folds. Almost 98% of smart- phone malware are designed for Android devices. Most of the existing anti-malware products are still relying on static and signature-based malware detection mecha- nisms. Static analysis is a method of detecting malware application by analyzing the source code of the application without executing it. In signature-based analysis, the hash value of an application is compared with a list of hash values of known malicious applications for identifying whether the application is one among the listed malware. These detection mechanisms can be easily evaded by code transformation attacks. Hence, it is essential to develop novel malware detection mechanisms based on dy- namic analysis for accurate malware detection. Dynamic analysis mechanisms con- sider runtime information such as system metrics, network level information, system calls and more for detecting the malicious behavior of the application. A malicious application typically invokes sensitive APIs in an automated manner to perform priv- ileged operations. This automated invocation of API calls gets reflected in the system call sequence of the application. Hence, system calls are considered as one of most effective features for capturing the malicious behavior of an application. Most of the existing system call-based malware detection mechanisms consider the system call frequencies or co-occurrences in the system call sequence for mal- ware detection. The system call frequency-based mechanisms use machine learning classifiers to detect malware based on the independent occurrences of each individual system call in the entire sequence. These mechanisms do not consider the relation- ships among the system calls in a system call sequence. In system call co-occurrence- based mechanisms, the mutual relationships between system calls in the sequence are considered for malware detection. However, these approaches do not consider the complex relationships among the system calls crucial for identifying the malicious behavior of an application. This book is an attempt to present representation and characterization of Android malware using graph and stochastic models and use such representations and charac- terizations to detect Android malware. First, the state-of-the-art static malware detec- tion mechanisms and their limitations are presented in this book. This will be followed by detailed presentations of a hybrid malware detection mechanism and four different system call-based dynamic Android malware detection mechanisms based on recent research by the authors. This book will teach readers how to develop effective An- droid malware detection mechanisms using graph centrality measures, graph signal processing and graph convolutional networks. The source codes are also provided in the appendix for easy implementations of the mechanisms. This book will be highly useful for Android malware researchers, developers, students and cyber security pro- fessionals.