• Title, Summary, Keyword: 악성 앱 탐지

Search Result 23, Processing Time 0.027 seconds

Study on DNN Based Android Malware Detection Method for Mobile Environmentt (모바일 환경에 적합한 DNN 기반의 악성 앱 탐지 방법에 관한 연구)

  • Yu, Jinhyun;Seo, In Hyuk;Kim, Seungjoo
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.3
    • /
    • pp.159-168
    • /
    • 2017
  • Smartphone malware has increased because Smartphone users has increased and smartphones are widely used in everyday life. Since 2012, Android has been the most mobile operating system. Owing to the open nature of Android, countless malware are in Android markets that seriously threaten Android security. Most of Android malware detection program does not detect malware to which bypass techniques apply and also does not detect unknown malware. In this paper, we propose lightweight method for detection of Android malware using static analysis and deep learning techniques. For experiments we crawl 7,000 apps from the Google Play Store and collect 6,120 malwares. The result show that proposed method can achieve 98.05% detection accuracy. Also, proposed method can detect about unknown malware families with good performance. On smartphones, the method requires 10 seconds for an analysis on average.

안드로이드 모바일 악성앱 동적분석 회피기술 동향

  • Kim, Mijoo;Shin, Young Sang;Lee, Tae Jin;Youm, Heung Youl
    • Review of KIISC
    • /
    • v.25 no.6
    • /
    • pp.5-12
    • /
    • 2015
  • 스마트폰 사용이 대중화됨에 따라 스마트폰 사용인구 증가와 함께 우리의 일상생활과 밀접한 관계를 가지며 영향력을 넓혀가고 있는 가운데, 악성앱을 이용해 개인정보 유출, 불법 과금 유발, 스팸 발송 등 스마트폰 사용자에 피해를 입히며 사회적인 문제를 유발하는 보안 위협의 출현 또한 지속적으로 증가하고 있다. 이러한 문제를 해결하기 위해 전 세계 보안업체, 연구소, 학계 등에서는 스마트폰 악성앱을 탐지하고 대응하기 위한 기술을 연구개발하고, 앱 마켓에서는 악성앱을 탐지하기 위한 분석 시스템을 도입하는 등 다양한 활동이 진행되고 있다. 하지만 악성앱 또한 기존의 탐지 및 대응 기술을 우회하는 등 생존율을 높이기 위한 방향으로 점차 지능화 정교화되는 양상을 보이고 있다. 최근 이러한 특징은 앱 마켓 등에서 도입하고 있는 대량의 앱에 대한 자동화된 런타임 분석을 수행하는 동적분석 시스템/서비스를 대상으로 많이 발생되고 있는데, 동적분석의 환경적, 시간적 제약 등을 이용하여 분석기술을 회피하는 기법을 주로 사용하고 있다. 이와 관련하여 본 논문에서는 기존의 동적분석 기술을 우회하는 악성앱 분석회피 행위 유형을 분류하고, 이와 관련된 연구 동향에 대한 정보를 제공하고자 한다.

Advanced Feature Selection Method on Android Malware Detection by Machine Learning (악성 안드로이드 앱 탐지를 위한 개선된 특성 선택 모델)

  • Boo, Joo-hun;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.3
    • /
    • pp.357-367
    • /
    • 2020
  • According to Symantec's 2018 internet security threat report, The number of new mobile malware variants increased by 54 percent in 2017, as compared to 2016. And last year, there were an average of 24,000 malicious mobile applications blocked each day. Existing signature-based technologies of malware detection have limitations. So, malware detection technique through machine learning is being researched to detect malware variant. However, even in the case of applying machine learning, if the proper features of the malware are not properly selected, the machine learning cannot be shown correctly. We are focusing on feature selection method to find the features of malware variant in this research.

안드로이드 악성 앱 탐지율 향상을 위한 특성 분석 및 기계학습 모델에 관한 연구

  • Kang, Hoyoung;Son, Geunsoo;Son, Minwoo;Song, Yuseok
    • Review of KIISC
    • /
    • v.29 no.1
    • /
    • pp.26-33
    • /
    • 2019
  • 안드로이드 모바일 환경에서 사용되는 애플리케이션은 사용자에게 여러 권한을 요구하며, 특정한 기능을 수행한다. 공격자는 정상적인 애플리케이션으로 가장한 악성 애플리케이션을 사용자가 다운로드 하도록 유도하여 금융정보 및 개인정보를 탈취할 수 있다. 기존의 모바일 백신은 시그니처(signature) 기반의 악성 애플리케이션 탐지 방법을 사용하기 때문에 정상 애플리케이션으로 가장한 악성 애플리케이션의 탐지가 어려운 측면이 있다. 따라서, 본 논문에서는 안드로이드 악성 애플리케이션 탐지율 향상을 위한 특성(feature)을 연구 및 분석하고, 여러 기계학습 모델을 적용하여 최종적으로는 기존의 모바일 백신으로는 탐지가 어려운 악성 애플리케이션까지 탐지가 가능한 기계학습 모델을 제안하였다.

Malicious App Discrimination Mechanism by Measuring Sequence Similarity of Kernel Layer Events on Executing Mobile App (모바일 앱 실행시 커널 계층 이벤트 시퀀스 유사도 측정을 통한 악성 앱 판별 기법)

  • Lee, Hyung-Woo
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.4
    • /
    • pp.25-36
    • /
    • 2017
  • As smartphone users have increased in recent years, various applications have been developed and used especially for Android-based mobile devices. However, malicious applications developed by attackers for malicious purposes are also distributed through 3rd party open markets, and damage such as leakage of personal information or financial information of users in mobile terminals is continuously increasing. Therefore, to prevent this, a method is needed to distinguish malicious apps from normal apps for Android-based mobile terminal users. In this paper, we analyze the existing researches that detect malicious apps by extracting the system call events that occur when the app is executed. Based on this, we propose a technique to identify malicious apps by analyzing the sequence similarity of kernel layer events occurring in the process of running an app on commercial Android mobile devices.

Design and Implementation of Malicious Application Detection System Using Event Aggregation on Android based Mobile Devices (안드로이드 모바일 단말에서의 이벤트 수집을 통한 악성 앱 탐지 시스템 설계 및 구현)

  • Ham, You Joung;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.14 no.3
    • /
    • pp.35-46
    • /
    • 2013
  • As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

Android Malware Detection Using Permission-Based Machine Learning Approach (머신러닝을 이용한 권한 기반 안드로이드 악성코드 탐지)

  • Kang, Seongeun;Long, Nguyen Vu;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.617-623
    • /
    • 2018
  • This study focuses on detection of malicious code through AndroidManifest permissoion feature extracted based on Android static analysis. Features are built on the permissions of AndroidManifest, which can save resources and time for analysis. Malicious app detection model consisted of SVM (support vector machine), NB (Naive Bayes), Gradient Boosting Classifier (GBC) and Logistic Regression model which learned 1,500 normal apps and 500 malicious apps and 98% detection rate. In addition, malicious app family identification is implemented by multi-classifiers model using algorithm SVM, GPC (Gaussian Process Classifier) and GBC (Gradient Boosting Classifier). The learned family identification machine learning model identified 92% of malicious app families.

Detecting Repackaged Applications using the Information of App Installation in Android Smartphones (안드로이드 스마트폰에서 앱 설치 정보를 이용한 리패키징 앱 탐지 기법)

  • Joun, Young Nam;Ahn, Woo Hyun
    • Convergence Security Journal
    • /
    • v.12 no.4
    • /
    • pp.9-15
    • /
    • 2012
  • In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

Malicious Trojan Horse Application Discrimination Mechanism using Realtime Event Similarity on Android Mobile Devices (안드로이드 모바일 단말에서의 실시간 이벤트 유사도 기반 트로이 목마 형태의 악성 앱 판별 메커니즘)

  • Ham, You Joung;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.15 no.3
    • /
    • pp.31-43
    • /
    • 2014
  • Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

Android Application Analysis Method for Malicious Activity Detection (안드로이드 앱 악성행위 탐지를 위한 분석 기법 연구)

  • Sim, Won-Tae;Kim, Jong-Myoung;Ryou, Jae-Cheol;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.1
    • /
    • pp.213-219
    • /
    • 2011
  • Due to the rapid growth of smartphone market, the security threats are also increased. One of the smartphone security threats is that w1Verified applications are distributed on the smartphone market. In the case of Andoroid market, Google have no Application Approval Process that can detect malicious android application so many malicious android applications are distributed in the Android market. To reduce this security threat, it is essential the skill to detect the malicious activities of application. In this paper, we propose the android application analysis method for malicious activity detection and we introduce the implementation of our method which can automatically analyze the android application.