Date of Award


Document Type


Degree Name

Master of Science (MS)


Electrical and Computer Engineering

Committee Chair

David J. Coe

Committee Member

Jeff Kulick

Committee Member

Earl Wells


Computer networks--Security measures, Software protection, Data encryption (Computer science), Computer viruses


This work uses salience testing techniques to identify the best performance counter events for detecting malware on Android devices. Modifications were made to a Linux kernel module to enable monitoring and logging of performance counter events. Numerous experiments combining different performance counter events were conducted, and a variety of data aggregation and classification techniques were evaluated. Experiment results were analyzed as to determine how well certain combinations of performance counter events classify applications as malware or non-malware. Results indicate that there are combinations of performance counter events that do much better at detecting malware than those presented in prior work.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.