Behavioral runtime defense for mobile banking apps via syscall hooks. Thesis research: a method that detects malicious behavior at runtime instead of matching signatures at build time.
Mobile banking apps face injection, repackaging, and runtime bypass attacks. Signature checks and code obfuscation don't catch novel behavior at runtime.
Intercept system calls at the OS boundary. Model normal call patterns per app and flag drift from that baseline. Anomaly detection runs on call signatures rather than payload signatures.
A prototype runtime-defense module and a documented methodology - the research output of the thesis. Detection logic is testable against synthetic injection scenarios.
Runtime telemetry beats static checks when the threat model includes repackaging and live injection. The hard part isn't the detection - it's keeping the false-positive budget low enough that real users don't flinch.
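The per-app baseline, the drift check and the false-positive budget described above, sketched as an added example (not the thesis prototype's code). It assumes a sliding-window model over syscall names, which is one common way to model call patterns; the window length, function names and traces are all constructed for illustration.

```python
# Added illustration: n-gram baseline over syscall names, drift score,
# and an alarm threshold chosen from a false-positive budget.
N = 3  # window length (assumption; the page does not state one)

def ngrams(trace, n=N):
    """All length-n sliding windows of a syscall-name trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_baseline(traces, n=N):
    """Set of windows observed in known-good runs of one app."""
    seen = set()
    for t in traces:
        seen.update(ngrams(t, n))
    return seen

def drift(trace, baseline, n=N):
    """Fraction of windows in `trace` never seen in the baseline (0.0 to 1.0)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0  # trace shorter than the window: nothing to judge
    return sum(g not in baseline for g in grams) / len(grams)

def pick_threshold(holdout, baseline, fp_budget, n=N):
    """Threshold such that at most `fp_budget` of benign holdout traces alarm."""
    if not holdout:
        raise ValueError("need benign holdout traces to calibrate")
    scores = sorted(drift(t, baseline, n) for t in holdout)
    allowed = min(int(fp_budget * len(scores)), len(scores) - 1)
    return scores[len(scores) - 1 - allowed]

def is_anomalous(trace, baseline, threshold, n=N):
    return drift(trace, baseline, n) > threshold

# Constructed traces: benign runs used for training and for calibration.
TRAIN = [
    ["openat", "read", "close", "socket", "connect", "sendto", "recvfrom", "close"],
    ["openat", "read", "read", "close", "socket", "connect", "sendto", "recvfrom", "close"],
]
HOLDOUT = [  # benign but slightly different, so the model sees normal variation
    ["openat", "read", "close", "socket", "connect", "sendto", "recvfrom", "recvfrom", "close"],
    ["openat", "read", "close", "socket", "connect", "sendto", "recvfrom", "close"],
]
# Constructed synthetic injection scenario: memory-mapping calls mid-flow.
INJECTED = ["openat", "read", "close", "mmap", "mprotect",
            "socket", "connect", "sendto", "recvfrom", "close"]

BASELINE = build_baseline(TRAIN)
THRESHOLD = pick_threshold(HOLDOUT, BASELINE, fp_budget=0.0)

if __name__ == "__main__":
    print("threshold:", round(THRESHOLD, 3))
    print("injected drift:", drift(INJECTED, BASELINE),
          "alarm:", is_anomalous(INJECTED, BASELINE, THRESHOLD))
```

Raising `fp_budget` lowers the threshold and catches smaller deviations at the cost of alarms on benign variation, which is the trade-off the last paragraph describes.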