OATAO - Open Archive Toulouse Archive Ouverte

Preventing the release of illegitimate applications on mobile markets

Wapet, Patrick Lavoisier. Preventing the release of illegitimate applications on mobile markets. PhD, Informatique et Télécommunication, Institut National Polytechnique de Toulouse, 2021

(Document in English)

PDF (Author's version)

Abstract

The popularity of mobile applications has been growing worldwide over the last few decades. This popularity is attracting more and more authors of malicious applications, known as malware. To detect such malware, mobile markets have implemented analysis methods that suffer from several limitations. This thesis identifies and proposes to solve mainly two of them. The first is the inability to cope with a new method of malware publication, which consists in anticipating the mobile version of a company that does not yet have one. The second is the difficulty that dynamic analysis solutions have in scaling, which is due to app tracing. To solve the first limitation, we designed and implemented a security check system called IMAD (Illegitimate Mobile App Detector), which is based mainly on online search engines and machine learning techniques. To solve the second, we introduce a scalable tracing approach that we call delegated instrumentation. It leverages Android's instrumentation module and relies mainly on reverse engineering and hacking of ART (Android RunTime). The evaluation results show that IMAD can protect companies from anticipation attacks with an acceptable error rate and at a low cost for MMPs. We also demonstrate the effectiveness of delegated instrumentation with a prototype named ODILE, which traces various app types (including benign apps and malware) on a Samsung Galaxy A7 2017. In particular, we show how much ODILE outperforms Frida, the state-of-the-art tool in the domain.

Item Type: PhD Thesis
Institution: Université de Toulouse > Institut National Polytechnique de Toulouse - Toulouse INP (FRANCE)
Research Director: Hagimont, Daniel and Tchana, Alain Bouzaïde
Deposited On: 21 Oct 2021 08:18
