Mobile OS Vulnerabilities: Quantitative and Qualitative Analysis

Garg, Shivi, Baliyan, Niyati

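  • Publisher: CRC
  • Publication date: 2023-08-17
  • List price: $5,540
  • VIP price: $5,263 (9.5 discount rate, i.e. 95% of list price)
  • Language: English
  • Pages: 179
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 1032407468
  • ISBN-13: 9781032407463
  • Related categories: Android, Apple Developer, DeepLearning
  • Overseas special-order book (requires separate checkout)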

Product description

This book offers in-depth analysis of security vulnerabilities in different mobile operating systems. It provides methodology and solutions for handling Android malware and vulnerabilities and transfers the latest knowledge in machine learning and deep learning models towards this end. Further, it presents a comprehensive analysis of software vulnerabilities based on different technical parameters such as causes, severity, techniques, and software systems' type. Moreover, the book also presents the current state of the art in the domain of software threats and vulnerabilities. This would help analyze various threats that a system could face, and subsequently, it could guide the security engineer to take proactive and cost-effective countermeasures.

Security threats are escalating exponentially, thus posing a serious challenge to mobile platforms. Android and iOS are prominent due to their enhanced capabilities and popularity among users. Therefore, it is important to compare these two mobile platforms based on security aspects. Android proved to be more vulnerable compared to iOS. The malicious apps can cause severe repercussions such as privacy leaks, app crashes, financial losses (caused by malware triggered premium rate SMSs), arbitrary code installation, etc. Hence, Android security is a major concern amongst researchers as seen in the last few years. This book provides an exhaustive review of all the existing approaches in a structured format.

The book also focuses on the detection of malicious applications that compromise users' security and privacy, the detection performance of the different program analysis approaches, and the influence of different input generators during static and dynamic analysis on detection performance. This book presents a novel method using an ensemble classifier scheme for detecting malicious applications, which is less susceptible to the evolution of the Android ecosystem and malware compared to previous methods. The book also introduces an ensemble multi-class classifier scheme to classify malware into known families. Furthermore, we propose a novel framework of mapping malware to vulnerabilities exploited using Android malware's behavior reports leveraging pre-trained language models and deep learning techniques. The mapped vulnerabilities can then be assessed on confidentiality, integrity, and availability on different Android components and sub-systems, and different layers.


About the authors

Shivi Garg received her Doctor of Philosophy in December 2021 from the Information Technology Department, Indira Gandhi Delhi Technical University for Women (IGDTUW), Delhi, India. Her thesis title was "Design and Analysis of Mobile Application Vulnerabilities". She is also a post graduate in Information Security from Delhi Technological University (DTU), Delhi, India. She has had teaching and research experience since August 2016. Currently she is an Assistant Professor at J.C. Bose University of Science & Technology, YMCA, Faridabad. Her research interests include information security, mobile security, cyber security, and machine learning. Her publication and other details can be found at: https://sites.google.com/view/shivigarg/home

Niyati Baliyan is an Assistant Professor, Department of Computer Engineering, National Institute of Technology Kurukshetra, Haryana. She has attained a Doctor of Philosophy from the Computer Science Department, Indian Institute of Technology (IIT) Roorkee, India. Her thesis title was "Quality Assessment of Semantic Web based Applications". She also has a Post Graduate Certificate in Information Technology from Sheffield Hallam University, Sheffield, U.K. Niyati obtained the Chancellor's Gold Medal for being University topper during post graduate studies at Gautam Buddha University. She is co-author of "Semantic Web Based Systems: Quality Assessment Models, SpringerBriefs in Computer Science", 2018. Her research interests include knowledge engineering, machine learning, healthcare analytics, recommender systems, information security, and natural language processing. Her publication and other details can be found at: https://sites.google.com/site/niyatibaliyan.
