Malware causes damage not only to personal computers but also to contemporary mobile devices.
With growing performance and storage capabilities, users of mobile devices tend to store
more sensitive information than before. Additionally, mobile platforms allow the use of charged telecom
services via installed software applications for extending the functionality of devices. Besides
certified application-distribution services, users can download applications from uncertified developers.
The number of applications has been increasing exponentially each year, and part of
them are distributed by third-party markets. Taking all these aspects into account, mobile devices
have become attractive targets for attackers and their malicious software.

Mobile platforms restrict access to information and the execution of applications. In
order to be able to execute some functionality, applications require a user to provide a set of
permissions. Another protection mechanism is commercial Anti-Virus (AV) software that uses so-called
signatures. These signatures define indicators used for recognizing malicious applications.
The detection process of such software can be as simple as comparing file names or as complex
as checking system artifacts. Sometimes signatures can be composed only as a result of advanced
malware reverse engineering. Despite the existing protection solutions, it is still a
challenge to detect malware automatically in a dynamic environment. This is because the malware
detection process involves evaluation of different factors that accompany malware execution.

This study focuses on deriving fuzzy rules for malware detection automatically. The challenges
of malware detection are manifold, and therefore we focus on mobile devices in this study.
We introduce precise artifacts that mobile malware leaves during execution. A virtualized
environment is used to study dynamic malware behavior. In addition, an analysis of
static malware attributes is performed. The goal is not only to derive malware detection rules
automatically, but also to give them linguistic meaning that is understandable by humans.
The thesis establishes a method in which a combination of Artificial Neural Networks (ANN)
and Fuzzy Logic (FL) is utilized for rule extraction. As a result, such rules are human-explainable,
which allows forensic analysts to use them in a court of law. Finally, the thesis provides
justification of how the derived rules can be applied in an automated analysis of a large amount
of mobile malware.