School of Information Technology and Engineering
Browsing School of Information Technology and Engineering by Author "Fitsum Assamnew (PhD)"
Framework for Identifying Forensic Artifacts from Ride-hailing Android Applications
(Addis Ababa University, 2025-03) Munir Kemal; Fitsum Assamnew (PhD)
Different services are offered through our mobile devices as a result of the increasing usage of smartphones worldwide. One of these is the ride-hailing service, in which taxi transportation is managed from a common operation center with the help of driver and passenger applications that end users have installed on their smartphones. In our country, Ethiopia, many companies offer this service, such as Ride, Feres, ZayRide, Seregela, Safe, Taxiye, and others. Today, many crimes such as theft, murder, etc. are committed against drivers or riders while working for or using this transportation service in Ethiopia. Current research focuses mainly on the forensic investigation of social networks and banking applications. Research by K. Kiptoo proposed a forensic investigation framework to identify forensic artifacts from Android on-demand ride applications such as Uber, Little and Bolt that operate in Kenya. In this research, we propose a forensic framework that customizes the existing framework proposed by K. Kiptoo to enhance the identification of forensic artifacts from Android-based ride-hailing applications, following experimentation with ride-hailing applications such as Ride, ZayRide and Feres. The proposed forensic framework for ride-hailing applications involves six phases: Collection, Setting up and Configuration, Extraction and Preservation, Application Database Location, Examination and Analysis, and finally Reporting. While experimenting, we were able to recover valuable artifacts such as passenger profile information, passenger device details, location data, time information, and driver-related data from ride-hailing applications, which are crucial digital evidence in the investigation of digital crimes.
This research also investigated the role and challenges of using digital forensic evidence to close criminal cases by Ethiopian law enforcement agencies, using a specially designed questionnaire distributed to them. The research findings show that, even though its use as evidence is increasing, we were able to identify major issues such as legal and procedural inconsistencies, lack of expertise, resource limitations, and lack of clear forensic standards that may hinder the use of digital evidence obtained from digital systems such as ride-hailing applications in a digital world full of complex digital crimes.

Investigating Malicious Capabilities of Android Malwares that Utilize Accessibility Services
(Addis Ababa University, 2025-02) Tekeste Fekadu; Fitsum Assamnew (PhD)
The Android accessibility service provides a range of powerful capabilities. These include observing user actions, reading on-screen content, and executing actions on behalf of the user. Although these features are designed to enhance the user experience for individuals with disabilities, they introduce design vulnerabilities that make the accessibility service susceptible to malicious exploitation. This research investigates how Android malware leverages accessibility services for malicious purposes. By analyzing a dataset of malicious applications, we identified common patterns of accessibility service abuse and developed a machine learning-based detection approach using TinyBERT and XGBoost models. We first manually compiled a base dataset of 134 accessibility service event patterns comprising source and sink API calls. These patterns were labeled according to specific malicious functionalities: BlockAccess, ManipulateUI, and ContentEavesdrop. To address data limitations, we generated call graphs from 121 malware samples using FlowDroid taint analysis and applied agglomerative clustering and fuzzy matching, ultimately expanding the dataset size to 1,497 patterns.
Our classification experiments compared the performance of TinyBERT, a transformer-based model, and XGBoost, a gradient-boosted decision tree model, in classifying malicious functionalities. Results show TinyBERT’s outstanding performance, achieving an accuracy of 97.7% and an F1 score of 97.6% over ten-fold cross-validation, compared to XGBoost’s 90.4% accuracy and 90.0% F1 score. This study demonstrates the potential of transformer-based models in capturing sequential dependencies and contextual characteristics in API call patterns, enabling robust detection of accessibility service misuse. Our findings contribute a novel approach to detecting malicious behavior in Android malware and a valuable dataset that may aid similar research.