Topic > National College of Business Administration & Economics Multan

Index
Evolution of Malware
Android Malware
Types of Android Malware
Root Exploit
Existing Approaches
Aim and Objective

The Android operating system started its journey with the public release of the Android beta in November 2007, but its first commercial version, Android 1.0, was introduced in September 2008. Android is a mobile operating system developed by Google, based on the Linux kernel and designed primarily for touch-screen mobile devices such as smartphones and tablets. It is continuously developed by Google and the Open Handset Alliance.

Since 2008, many versions of the Android operating system have been introduced. The most common are Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, Lollipop and Marshmallow. At the time of writing, only 32.3% of Android devices on the market run Marshmallow, which was introduced almost two years ago.

Evolution of Malware

Initially, when computer systems were understood mainly by a few experts, the development of malware was a test of one's technical skills and knowledge. For example, the PC Internet worm known as Creeper displayed provocative messages, but the risk it posed (e.g. stolen data, damaged systems) was remarkably low. However, from the 1980s onward, the motivation to create malware became less recreational and more profit-driven, as attackers actively sought sensitive personal and corporate information. In 2015, a report showed that attackers can earn up to $12,000 per month via mobile malware [173]. Additionally, the growth of black markets (i.e., markets for selling stolen data, system vulnerabilities, malware source code and malware development services) provided greater incentives for profit-driven malware [106].

Android Malware

Malware is defined as malicious software specifically designed to target a mobile device, such as a tablet or smartphone, in order to damage or disrupt the system.
Most mobile malware is designed to disable a mobile device, allow an attacker to control the device remotely, or steal private information stored on the device. Since the Android operating system has become the most attractive operating system for mobile companies, it is more at risk of malware attacks than other operating systems. The number of malicious Android apps has steadily increased over the past four years. In 2013, just over half a million were malicious. In 2015 it had risen to just under 2.5 million. For 2017, the number has increased to almost 3.5 million.

Types of Android Malware

The following are the main categories of Android malware:
· Botnet
· Root exploit
· Android market
· Send SMS
· Install application

Root Exploit

Root-exploit is malware that modifies the kernel of the Android operating system (OS) to obtain superuser privileges. Once attackers gain root privileges, they are able to install other types of malware, such as botnets, worms, or Trojans. Once root privilege is gained, an attacker or malware can bypass the Android sandbox, perform many types of malicious activities, and even wipe evidence of compromise. For this reason, malware with embedded root exploits is on the rise. In fact, as seen in recent news, it has become increasingly common for malware found in third-party Android markets, or even the official Google Play Store, to contain root exploits. In recent years, rooting malware has been the biggest threat to Android users. These Trojans are difficult to detect, boast a wide range of features, and are very popular among cyber criminals. Their main goal is to show victims as many advertisements as possible and to silently install and launch the advertised apps. In some cases, aggressive display of pop-up ads and delays in executing user commands can render a device unusable. Rooting malware usually attempts to gain superuser rights by exploiting system vulnerabilities, which then allow it to do almost anything.
It installs modules in system folders, thus protecting them from removal. In some cases, such as Ztorg, even a factory reset of the device does not delete the malware. It is worth noting that this Trojan was also distributed via the Google Play Store: there we found almost 100 apps infected with various Ztorg modifications, one of which had been installed more than a million times.

Existing Approaches

In dynamic malware analysis, the behavior of the malware is observed while it executes in the system. In most cases a virtual machine or virtual device is used for this method: the malware application is run on the machine and its behavior and network logs are examined. DroidBox, the Android SDK and Android Audit are tools that can be used for dynamic analysis. In static analysis, reverse-engineering tools and techniques are used to decompile the malware application. A non-runtime environment is used for static analysis: the application is analyzed for all possible run-time behavior, looking for coding flaws, backdoors and malicious code. Androguard, dex2jar and APKinspector are tools that can be used for static analysis. In both approaches, machine learning algorithms have been used to create classification models by training classifiers on malware datasets and on features collected from static or dynamic analysis. The learned classification models are then used to detect malicious Android apps and classify them into their respective families.

Problem Statement

Currently, most malware detection systems focus on mobile malware in general. Similarly, no detection solution targeting mobile applications involved in root exploit activities is available in the literature.
· What are the most important structural features an intruder can use to design root exploits in Android-based mobile apps?
· How can root exploits be classified from a malicious corpus using machine learning techniques?
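The static-feature classification workflow described above, as an added example that is not part of the thesis or of any tool it cites: permissions are extracted from AndroidManifest.xml as binary features, and a Bernoulli naive Bayes classifier written with the standard library only separates root-exploit samples from benign ones. All manifests, labels and permission sets below are constructed for illustration, not taken from real apps.

```python
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def extract_permissions(manifest_xml):
    """Static feature extraction: the <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def manifest(perms):
    """Build a constructed AndroidManifest.xml fragment for the sample corpus."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="sample.app">{body}</manifest>')

# Constructed labelled corpus (1 = root exploit, 0 = benign); these are not real apps.
P = "android.permission."
TRAIN = [
    (manifest([P + "INTERNET", P + "INSTALL_PACKAGES", P + "RECEIVE_BOOT_COMPLETED",
               P + "SYSTEM_ALERT_WINDOW"]), 1),
    (manifest([P + "INTERNET", P + "INSTALL_PACKAGES", P + "WRITE_EXTERNAL_STORAGE",
               P + "RECEIVE_BOOT_COMPLETED"]), 1),
    (manifest([P + "INSTALL_PACKAGES", P + "SYSTEM_ALERT_WINDOW", P + "INTERNET"]), 1),
    (manifest([P + "INTERNET", P + "ACCESS_NETWORK_STATE"]), 0),
    (manifest([P + "CAMERA", P + "WRITE_EXTERNAL_STORAGE"]), 0),
    (manifest([P + "INTERNET", P + "ACCESS_FINE_LOCATION"]), 0),
]

def train(corpus):
    """Bernoulli naive Bayes over permission presence, with Laplace smoothing."""
    vocab = set().union(*(extract_permissions(m) for m, _ in corpus))
    model = {}
    for c in (0, 1):
        docs = [extract_permissions(m) for m, y in corpus if y == c]
        model[c] = (math.log(len(docs) / len(corpus)),
                    {f: (sum(f in d for d in docs) + 1) / (len(docs) + 2) for f in vocab})
    return vocab, model

def predict(vocab, model, manifest_xml):
    """Return 1 if the manifest's permission set scores as root exploit, else 0."""
    feats = extract_permissions(manifest_xml)
    scores = {}
    for c, (log_prior, probs) in model.items():
        # Present features contribute log p(f|c); absent ones contribute log(1 - p(f|c)).
        scores[c] = log_prior + sum(math.log(probs[f] if f in feats else 1 - probs[f])
                                    for f in vocab)
    return max(scores, key=scores.get)
```

On a real corpus the same pipeline would feed the permission sets (and, as the thesis plans, API-call features) into a stronger classifier; the naive Bayes here is only the smallest model that shows the feature-vector step end to end.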
Goals and Objectives

Mobile devices such as smartphones have become one of the most important devices of the current century. Likewise, the Android operating system is recognized as the most popular operating system used on smartphones. As a result, Android has become one of the most attractive targets for malware authors. Different types of Android malware are botnets, root exploits, SMS-sending malware, GPS location malware and banking Trojans. A proper Android malware detection system is often helpful in avoiding such silent malware. This study will focus on detecting a special class of malware, the root exploit, with the help of machine learning. It has been noted that current Android malware detection techniques may not apply to root exploit malware specifically. Root exploit malware is considered the most dangerous Android malware, since it gains root privileges. Several techniques have been introduced by researchers. We will use a machine learning classifier to separate root exploits from benign applications based on features extracted from static analysis of the Android APK.

Division of the thesis: the structure of this thesis is organized as follows. Chapter 2 presents related work on static and dynamic malware detection in the Android environment. Chapter 3 shows the implementation of this study, covering the framework, tools used, datasets, feature extraction and selection, and training of machine learning classifiers. Chapter 4 illustrates the results and performance evaluation of the classifiers. Chapter 5 concludes the study, emphasizes our findings and suggests further potential future work for the approaches proposed in this thesis.

CHAPTER NO. 2

2. Literature Review

There are generally two malware detection methods, known as static analysis and dynamic analysis [2]. In dynamic analysis, applications run in a secure sandbox environment and runtime traces are collected from each application to look for malicious intent.
Static analysis, on the other hand, focuses on techniques to reverse engineer the application by recovering its algorithms and program code. A mobile application analysis system that uses both static analysis and dynamic analysis to detect hidden malware is presented in [3]. Its static analysis introduces two additional capabilities for malware analysis, native permissions and intent prioritization, alongside the common analysis of permissions and function calls. A sandbox is used to find malicious actions that may be present in a user-loaded application; to track short messages sent by an application rather than by the user, the Android emulator is modified. A technique called UnipDroid, implemented in Python, uses highly discriminative features to distinguish benign applications from malware applications [4]. Machine learning classification algorithms are applied after static analysis of a large dataset of Android applications to find the best-performing algorithm in terms of accuracy and speed. The results show that UnipDroid is efficient and effective. Dynamic analysis cannot manage storage space, but only detects and prevents mobile malware [5]. A cloud service can detect malware and predict its behavior, but it cannot prevent mobile malware. A new model that integrates cloud service and dynamic analysis capabilities is a better solution for detecting and preventing mobile malware. The current state-of-the-art static analysis research techniques used in malware analysis are discussed in [6]. Static analysis techniques can be used to address many software questions raised during different phases of the software life cycle. Four high-level archetypal motivations for using malware-specific static analysis techniques during development and maintenance are identified, and detection techniques are analyzed through a comprehensive survey [7].
Security models and protection mechanisms in the most popular smart-device platforms are discussed in depth. At the same time, it is observed how malware has recently evolved on the most widely adopted platforms through suspicious actions, targeted practices and sharing policies. The proposed system provides a detection technique using static analysis with creator information [8]. The system achieves nearly 100% accuracy in detecting malware by checking particular parts of applications based on functionality and permissions. At the same time, the algorithm of.