Abstract
The rapid evolution of mobile devices and the speed at which they integrate into the Internet of Things (IoT) ecosystem has led to an alarming surge in cyberattacks, particularly those exploiting zero-day vulnerabilities. Zero-day attacks target previously unknown weaknesses in software and hardware, leaving users and security experts with little to no time to react, resulting in severe consequences such as data breaches, financial loss, and operational disruptions. This dissertation addresses the critical challenge of detecting zero-day malware on mobile devices by proposing a novel approach based on unsupervised deep learning and advanced feature engineering.
A comprehensive analysis of zero-day malware characteristics, attack vectors, and existing detection limitations revealed significant gaps in current methodologies, including signature-based, static, and dynamic analysis, particularly their inability to detect highly elusive attacks without predefined signatures. To address these gaps, this research integrates feature engineering techniques, including autoencoder-, Chi-square- and TabNet-based methods, for selecting or extracting highly relevant behavioural patterns from mobile applications. The proposed model was trained exclusively on benign data to capture the latent space of normal device behaviour. The trained model then reconstructs its input from the learned patterns, so that deviations falling outside the acceptable reconstruction error margin can be identified. This approach enables the detection and flagging of malicious files based on their unusual latent-space representation, even without predefined signatures.
To realise this plan, the study employed sparse autoencoders as the deep learning framework to capture the inherent patterns of benign behaviour, datasets from the Drebin and KronoDroid projects, and the feature engineering methods identified above. Furthermore, the study investigates the potential of incorporating user profiling as an additional layer of defence. It explores how behavioural patterns, such as app usage, network access, and device interactions, can be ethically and legally analysed to enhance zero-day detection accuracy and predict targeted attacks.
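The benign-only training and reconstruction-error thresholding described above, as an added illustration that is not part of the dissertation or its code: a minimal sparse autoencoder in pure Python is trained on constructed binary feature vectors (hypothetical permission/API flags, not drawn from Drebin or KronoDroid), the acceptable error margin is derived from the benign reconstruction errors, and an unseen sample that sets flags never present in benign data is scored against it.

```python
import math
import random

# Constructed binary feature vectors (hypothetical permission/API flags in the style of
# Drebin/KronoDroid static features, not from either dataset). Features 5-7 are never set.
BENIGN_TRAIN = [
    [1, 1, 0, 0, 1, 0, 0, 0], [1, 1, 0, 1, 1, 0, 0, 0], [1, 0, 0, 0, 1, 0, 0, 0],
    [0, 0, 1, 1, 0, 0, 0, 0], [0, 0, 1, 1, 1, 0, 0, 0], [0, 1, 1, 1, 0, 0, 0, 0],
]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, x))))

class SparseAutoencoder:
    """Sigmoid hidden layer; loss = squared reconstruction error + L1 sparsity penalty on h."""
    def __init__(self, n_in, n_hidden, seed=0):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_in)]
        self.b1, self.b2 = [0.0] * n_hidden, [0.0] * n_in

    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(row, x)) + b) for row, b in zip(self.w1, self.b1)]
        y = [sigmoid(sum(w * v for w, v in zip(row, h)) + b) for row, b in zip(self.w2, self.b2)]
        return h, y

    def error(self, x):  # reconstruction error of one sample: the anomaly score
        return sum((yi - xi) ** 2 for yi, xi in zip(self.forward(x)[1], x))

    def fit(self, data, epochs=1000, lr=0.5, l1=1e-3):
        for _ in range(epochs):
            for x in data:
                h, y = self.forward(x)
                dy = [2 * (yi - xi) * yi * (1 - yi) for yi, xi in zip(y, x)]  # output deltas
                # hidden deltas: back-propagated error plus the L1 sparsity gradient (+l1, h > 0)
                dh = [(sum(dy[i] * self.w2[i][j] for i in range(len(y))) + l1) * hj * (1 - hj)
                      for j, hj in enumerate(h)]
                self.w2 = [[w - lr * dy[i] * h[j] for j, w in enumerate(row)] for i, row in enumerate(self.w2)]
                self.b2 = [b - lr * d for b, d in zip(self.b2, dy)]
                self.w1 = [[w - lr * dh[j] * x[k] for k, w in enumerate(row)] for j, row in enumerate(self.w1)]
                self.b1 = [b - lr * d for b, d in zip(self.b1, dh)]

def build_detector(seed=0):
    """Train on benign data only; the acceptable error margin is 1.5x the largest benign error."""
    ae = SparseAutoencoder(len(BENIGN_TRAIN[0]), 4, seed)
    ae.fit(BENIGN_TRAIN)
    return ae, 1.5 * max(ae.error(x) for x in BENIGN_TRAIN)

def is_anomalous(ae, threshold, x):
    return ae.error(x) > threshold
```

A sample such as `[1, 1, 0, 0, 1, 1, 1, 1]` resembles the first benign profile but sets the three flags the encoder never saw, so its reconstruction error lands well above the benign-derived margin and it is flagged without any malware signature.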
As such, this research introduces a paradigm shift by focusing on the innate patterns of benign application behaviour, relying on unsupervised learning to model normalcy and identify deviations indicative of malicious activity. The system's performance is rigorously evaluated on diverse and realistic datasets, including Drebin and KronoDroid, demonstrating its ability to accurately identify zero-day malware while minimising false positives.
This research contributes significantly to ongoing mobile cybersecurity efforts by introducing a proactive, adaptive, and privacy-preserving solution for detecting zero-day malware on mobile devices. The findings have important implications for the research community and the mobile app ecosystem, pointing towards a new generation of intelligent, self-governing defence mechanisms that protect mobile devices against the evolving threat landscape.