Show simple item record

dc.contributor.authorBronfman-Nadas, Raphael
dc.date.accessioned2018-08-21T18:02:33Z
dc.date.available2018-08-21T18:02:33Z
dc.identifier.urihttp://hdl.handle.net/10222/74129
dc.description.abstractOn the Internet today, mobile malware is one of the most common attack methods. These attacks are usually established via malicious mobile apps. One technique used to combat this threat is the deployment of mobile malware detectors. In this thesis, I aim to explore the similarity between artificial evolution and the cycle of developmental adaptation between malware and cyber security developers. Mo- bile malware is often a derivative of past results, only modified slightly to avoid detection. In turn, this requires the security, malware detectors, to react and im- prove. The result is a cycle of modifications of malware and improvements of secu- rity. Using this cycle, I shape an artificial evolutionary arms race between mobile malware and malware detectors to consider how this structure will allow for the adaptation of detectors to evolving threats. To model this interaction, I present a co-evolution of two genetic algorithms in the roles of malware and malware detec- tor. The experimental evaluations on publicly available malicious / non-malicious mobile apps and their variants generated by the artificial arms race show that this approach improves the detector’s understanding of the problem. During the ex- periments, the detectors generated were simpler then when not using an artificial arms race, and required less data from each malware sample to detect the mali- cious behaviours. Given the variety of apps available, I also considered how this approach performs when trained with different sources of non-malicious apps. I considered apps from: F-Droid, an open source app repository for Android; and Google Play, the default installed app store on Android devices. Each source was used to train detectors with one set as a baseline and then testing performance with the other set. I found that the F-Droid trained detectors performed better than the Google Play trained detectors at differentiation between malware and non-malicious apps outside of the source they were trained on. In conclusion, al- though my evaluations were performed using Android malware, this approach is sufficiently generic that it could be extended to other forms of malware on other platforms.en_US
dc.language.isoenen_US
dc.subjectSecurityen_US
dc.subjectArtificial arms raceen_US
dc.subjectCo-evolutionen_US
dc.subjectMachine Learningen_US
dc.titleIMPROVING MOBILE MALWARE DETECTORS USING CO-EVOLUTION TO CREATE AN ARTIFICIAL ARMS RACESen_US
dc.date.defence2018-08-16
dc.contributor.departmentFaculty of Computer Scienceen_US
dc.contributor.degreeMaster of Computer Scienceen_US
dc.contributor.external-examinern/aen_US
dc.contributor.graduate-coordinatorMcAllister, Michaelen_US
dc.contributor.thesis-readerKalyaniwalla, Nauzeren_US
dc.contributor.thesis-readerHeywood, Malcolmen_US
dc.contributor.thesis-supervisorZincir-Heywood, Nuren_US
dc.contributor.ethics-approvalNot Applicableen_US
dc.contributor.manuscriptsNot Applicableen_US
dc.contributor.copyright-releaseNot Applicableen_US
 Find Full text

Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record