ORCID

https://orcid.org/0009-0008-8508-9281

Keywords

AR/VR Security, Benchmark Dataset for AR/VR, Privacy Policies, Machine Learning, Malware Detection

Abstract

The rapid evolution of Augmented Reality (AR) and Virtual Reality (VR) technologies on mobile platforms has significantly impacted the digital landscape, raising concerns about security and privacy. As these technologies integrate into everyday life, understanding their security infrastructure and privacy policies is crucial to protect user data.

To address this, our first study analyzes AR/VR applications from a security and performance perspective. Recognizing the lack of benchmark datasets for security research, we compiled a dataset of 408 AR/VR applications from the Google Play Store. The dataset includes control flow graphs, strings, functions, permissions, API calls, hexdump, and metadata, providing a valuable resource for improving application security.

In the second study, we use BERT to analyze the privacy policies of AR/VR applications. A comparative analysis reveals that while AR/VR apps offer more comprehensive privacy policies than free content websites, they still lag behind premium websites. Additionally, we assess 20 U.S. state privacy regulations using the Coverage Quality Metric (CQM), identifying strengths, gaps, and enforcement measures. This study highlights the importance of critical privacy practices and key terms to enhance policy effectiveness and align industry standards with evolving regulations.

Finally, our third study introduces a scalable approach to malware detection using machine learning models, specifically Random Forest (RF) and Graph Neural Networks (GNN). Utilizing two datasets—one with Android apps, including AR/VR, and Executable and Linkable Format (ELF) files—this research incorporates features such as API call groups and Android-specific features. The GNN model outperforms RF, demonstrating its ability to capture complex feature relationships and significantly improve malware detection accuracy. This work contributes to enhancing AR/VR application security, improving privacy practices, and advancing malware detection techniques.

Completion Date

2025

Semester

Spring

Committee Chair

Mohaisen, David

Degree

Doctor of Philosophy (Ph.D.)

College

College of Engineering and Computer Science

Department

Electrical and Computer Engineering

Identifier

DP0029257

Document Type

Dissertation/Thesis

Campus Location

Orlando (Main) Campus

Download

Share

COinS