Background

The increased dependency on personal mobile devices combined with the wealth of personal data the devices contain make mobile device a prime target for malware. Actual infection rates are still low compared to malware on PCs, but they are also not negligible: recent estimates suggest infection rates to be around 0.26-0.28%. While the current infection rates are still relatively low, malware incidence rates have rapidly risen in previous years and reports suggest the prevalence of malware to further rise over the next years. At the same the nature of malware is continually evolving as new possible threats are being discovered.

Default safety measures, such as application permissions, provide only moderate protection against malware, calling for more advanced protection mechanisms. Existing antimalware techniques, despite their widespread adoption on desktop computers, are too resource intensive for mobile platforms: a simple file scan can take up to half an hour and decrease battery level even by 2 percent. To ensure best possible mobile user experience while at the same time safeguarding the user, techniques for detecting susceptibility to mobile malware that are both effective and lightweight in terms of their computational and resource requirements are required.

Objective

The density of malware in different application stores tends to vary considerably, with some stores having a high malware incidence rate. Cross-application promotions and on-device advertising are other factors that can affect susceptibility to malware infections. The set of applications used on a device can serve as a (weak) proxy for the application stores used by the user of the device, thus potentially providing information about the device’s susceptibility to malware.

The goal of the Thesis is to implement several state-of-the-art application recommendation algorithms and to evaluate their performance in determining the susceptibility of malware infection on mobile devices. The necessary data for the evaluation will be provided, and consists of application profiles collected from over 55,000 mobile devices together with information about infectious mobile applications

References

H.T. T. Truong, E. Lagerspetz, P. Nurmi, A. J. Oliner, S. Tarkoma, N. Asokan, S. Bhattacharya, The Company You Keep: Measuring Mobile Malware Infection Rates and Identifying Inexpensive Predictors of Susceptibility to Infection, Proceedings of WWW 2014.

Pre-print available from: http://arxiv.org/abs/1312.3245