Contextual environmental information has been used recently for designing
security mechanisms. One of the example is to defend zero interaction
authentication against relay attacks [1], [2]. The contextual information is
collected by various sensors equipped in nowadays daily commodity devices. More
especially, the advent of wearable devices such as smart watches or smart
glasses leverages context sensing to provide richer environmental data (people,
space, location, etc). It is widely known that sensors are noisy. Moreover,
single sensors can only perceive partial environmental information due to
various different factors such as sensor placement, direction, focus, etc.
Therefore, using multiple sensors is required to provide a robust and complete
description of an environment. Data collected from heterogeneous sensors
enhances the awareness of the real world context better compared to what could
be acquired with single sensors. In addition, it is very common that in modern
life, people carry different mobile devices containing multiple sensors which
makes multiple sensing more realistic.
The idea of fusing multiple sensors has been largely investigated. Although it
has a long research history in some domains such as robotics [3], how it can be
applied to the security domain is still not fully explored. Recent researches
proposed combining multiple different sensors collected by single devices [1],
[2] to improve security while maintaining usability.
The thesis topic's goal is to:
Status: Open.
Android mobile devices have become increasingly popular and attracted the
interests of cybercriminals. Mobile malware infection hence raises an alarm of
mobile security and privacy. The traditional approach of detecting malware is
to intensively analyze apps (e.g. AV tools). Scanning all malware samples in
the wild is expensive. Recently, a complementary and less expensive approach
was proposed [1,2]. The approach uses indirect information (device meta data)
to predict device infection. However, it uses only basic information, such as,
set of apps running on devices and average battery usage, for narrowing down
search area of infected devices. Even though the result is promising, it calls
for further research to improve detecting ability.
The goal of this thesis work is to examine features to discriminate devices.
It requires conducting a descriptive statistics analysis on a large dataset
collected from thoudsands of devices to discover new correlations of various
device data (e.g. model, OS version, energy consumption, apps distribution and
lifetime, apps update frequency, device mode (rooted), device status variance
over a timeline, relative prevalance of app signing keys, app stores used) and
apps data (e.g. name, version, signing key, app permission, app installation
source). Once features are built, they will be used to predict device status by
a learning algorithm to labeling infected devices. More specifically, this
thesis work consists of two tasks: (1) time-based analysis on device data that
correlates to infection, and (2) a suitable learning model on device profile
that combines apps and device information to predict infection.
Required Skills: Good mobile programming skills esp. with Linux and Android platforms.
Nice to have experiences in using Hadoop/Spark big data platform,
Python Scikit-learn toolkit or Matlab, Android programming, background in
statistical analysis.:
References:
Status: Close.
We do collaborative research with universities outside Finland. Some of them have student exchange agreements with the University of Helsinki. If you are interested in doing a thesis abroad in one of these places, make a formal application to the department (instructions are here and send e-mail to Prof. Asokan with a short description of where you want to go and what topic interests you along with your current CV and transcripts.