Show simple item record

dc.contributor.authorMANZANO, RICARDO ALEJANDRO 15:20:21 (GMT) 15:20:21 (GMT)
dc.description.abstractAnomaly detection has been applied in different fields of science and engineering over many years to recognize inconsistent behavior, which can affect the regular operation of devices, machines, and even organisms. The main goal of the research described in this thesis is to extract the meaningful features of an object's characteristics that allow researchers recognize such malicious behavior. Specifically, this work is focused on identifying malicious behavior in Android smartphones caused by code running on it. In general, extraneous activities can affect different parameters of such devices such as network traffic, CPU usage, hardware and software resources. Therefore, it is possible to use these parameters to unveil malicious activities. Using only one parameter can not guarantee an accurate model since a parameter may be modified by cybercriminals to act as a benign application. In contrast, using many parameters can produce excessive usage of smartphone's resources, or/and it can affect the time of detection of a proposed methodology. Considering that malicious activities are injected through the software applications that manage the usage of all hardware components, a smartphone's overall power consumption is a better choice for detecting malicious behavior. This metric is considered critical for anomaly analysis because it summarizes the impact of all hardware components' power consumption. Using only one metric is guaranteed to be efficient and accurate methodology for detecting malware on Android smartphones. This thesis analyzes the accuracy of two methodologies that are evaluated with emulated and real malware. It is necessary to highlight that the detection of real malware can be a challenging task because malicious activities can be triggered only if a user executes the correct combination of actions on the application. For this reason, in the present work, this drawback is solved by automating the user inputs with Android Debug Bridge (ADB) commands and Droidbot. With this automation tool, it is highly likely that malicious behavior can act, leaving a fingerprint in the power consumption. It should be noted that power consumption consist of time-series data that can be considered non-stationary signals due to changes in statistical parameters such as mean and variance over time. Therefore, the present work approaches the problem by analyzing each signal as a stochastic, using Changepoint detection theory to extract features from the time series. Finally, these features become the input of different machine learning classifiers used to differentiate non-malicious from malicious applications. Furthermore, the efficiency of each methodology is assessed in terms of the time of detection.en
dc.publisherUniversity of Waterlooen
dc.subjectMalware Detectionen
dc.subjectChangepoint detectionen
dc.subjectPower measurementen
dc.subjectMachine learningen
dc.subjectDrebin dataseten
dc.subjectReal Malwareen
dc.titleDetection of Anomalous Behavior of Wireless Devices using Power Signal and Changepoint Detection Theory.en
dc.typeMaster Thesisen
dc.pendingfalse and Computer Engineeringen and Computer Engineeringen of Waterlooen
uws-etd.degreeMaster of Applied Scienceen
uws.contributor.advisorKshirasagar, Naik
uws.contributor.affiliation1Faculty of Engineeringen

Files in this item


This item appears in the following Collection(s)

Show simple item record


University of Waterloo Library
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4883

All items in UWSpace are protected by copyright, with all rights reserved.

DSpace software

Service outages