A Comparative Study of Static Code Metrics and Behavioural Metrics for Predicting Risk Scores in Android Apps

dc.contributor.author: Nafis, Fahim Arsad
dc.contributor.author: Munia, Maysha Afrin
dc.contributor.author: Saiara, Syeda Mishra
dc.date.accessioned: 2023-03-15T06:34:17Z
dc.date.available: 2023-03-15T06:34:17Z
dc.date.issued: 2022-05-30
dc.description: Supervised by Mr. Ashraful Alam Khan, Assistant Professor. Co-Supervisors: Mr. S. M. Sabit Bananee, Lecturer; Mr. Imtiaj Ahmed Chowdhury, Lecturer. This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2022. [en_US]
dc.description.abstract: Identifying security flaws and distinguishing non-susceptible code from vulnerable code is a difficult undertaking. Security flaws are usually inert until they are exploited. Software metrics have been widely used to forecast and signal a variety of software quality features. We investigate static code metrics and behavioral code metrics, their correlation, and their association with security vulnerabilities in Android applications. The aim of the study is to understand: (i) how static code metrics compare with behavioral code metrics; (ii) the ability of these metrics to predict security vulnerabilities; and (iii) which static code metrics and behavioral code metrics are strongly correlated. From our study, we found that even though static code metrics require higher computational power, they provide better results in predicting the risky behavior of Android applications, and that Random Forest Regression provides more stable results with a better R² score for the dataset we created for this thesis. [en_US]
dc.identifier.uri: http://hdl.handle.net/123456789/1767
dc.language.iso: en [en_US]
dc.publisher: Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur, Bangladesh [en_US]
dc.subject: static code metrics, behavioral metrics, risk score [en_US]
dc.title: A Comparative Study of Static Code Metrics and Behavioural Metrics for Predicting Risk Scores in Android Apps [en_US]
dc.type: Thesis [en_US]

Files

Original bundle

Name: Munia_thesis.pdf
Size: 780.68 KB
Format: Adobe Portable Document Format
Description: Full text of the Thesis

Name: Munia_ 19% Turnitin similarity.pdf
Size: 437.22 KB
Format: Adobe Portable Document Format
Description: Turnitin report_19% similarity

Name: Munia_ signature page.pdf
Size: 518.71 KB
Format: Adobe Portable Document Format
Description: Signature of authors and supervisors

License bundle

Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed upon to submission
