• Title, Summary, Keyword: Malicious App Detection

Search Result 14, Processing Time 0.042 seconds

Android Malware Detection Using Permission-Based Machine Learning Approach (머신러닝을 이용한 권한 기반 안드로이드 악성코드 탐지)

  • Kang, Seongeun;Long, Nguyen Vu;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.617-623
    • /
    • 2018
  • This study focuses on detection of malicious code through AndroidManifest permissoion feature extracted based on Android static analysis. Features are built on the permissions of AndroidManifest, which can save resources and time for analysis. Malicious app detection model consisted of SVM (support vector machine), NB (Naive Bayes), Gradient Boosting Classifier (GBC) and Logistic Regression model which learned 1,500 normal apps and 500 malicious apps and 98% detection rate. In addition, malicious app family identification is implemented by multi-classifiers model using algorithm SVM, GPC (Gaussian Process Classifier) and GBC (Gradient Boosting Classifier). The learned family identification machine learning model identified 92% of malicious app families.

Malicious App Discrimination Mechanism by Measuring Sequence Similarity of Kernel Layer Events on Executing Mobile App (모바일 앱 실행시 커널 계층 이벤트 시퀀스 유사도 측정을 통한 악성 앱 판별 기법)

  • Lee, Hyung-Woo
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.4
    • /
    • pp.25-36
    • /
    • 2017
  • As smartphone users have increased in recent years, various applications have been developed and used especially for Android-based mobile devices. However, malicious applications developed by attackers for malicious purposes are also distributed through 3rd party open markets, and damage such as leakage of personal information or financial information of users in mobile terminals is continuously increasing. Therefore, to prevent this, a method is needed to distinguish malicious apps from normal apps for Android-based mobile terminal users. In this paper, we analyze the existing researches that detect malicious apps by extracting the system call events that occur when the app is executed. Based on this, we propose a technique to identify malicious apps by analyzing the sequence similarity of kernel layer events occurring in the process of running an app on commercial Android mobile devices.

Design and Implementation of Malicious Application Detection System Using Event Aggregation on Android based Mobile Devices (안드로이드 모바일 단말에서의 이벤트 수집을 통한 악성 앱 탐지 시스템 설계 및 구현)

  • Ham, You Joung;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.14 no.3
    • /
    • pp.35-46
    • /
    • 2013
  • As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

Design and Implementation of Machine Learning-based Blockchain DApp System (머신러닝 기반 블록체인 DApp 시스템 설계 및 구현)

  • Lee, Hyung-Woo;Lee, HanSeong
    • Journal of The Korea Internet of Things Society
    • /
    • v.6 no.4
    • /
    • pp.65-72
    • /
    • 2020
  • In this paper, we developed a web-based DApp system based on a private blockchain by applying machine learning techniques to automatically identify Android malicious apps that are continuously increasing rapidly. The optimal machine learning model that provides 96.2587% accuracy for Android malicious app identification was selected to the authorized experimental data, and automatic identification results for Android malicious apps were recorded/managed in the Hyperledger Fabric blockchain system. In addition, a web-based DApp system was developed so that users who have been granted the proper authority can use the blockchain system. Therefore, it is possible to further improve the security in the Android mobile app usage environment through the development of the machine learning-based Android malicious app identification block chain DApp system presented. In the future, it is expected to be able to develop enhanced security services that combine machine learning and blockchain for general-purpose data.

Optimal Machine Learning Model for Detecting Normal and Malicious Android Apps (안드로이드 정상 및 악성 앱 판별을 위한 최적합 머신러닝 기법)

  • Lee, Hyung-Woo;Lee, HanSeong
    • Journal of The Korea Internet of Things Society
    • /
    • v.6 no.2
    • /
    • pp.1-10
    • /
    • 2020
  • The mobile application based on the Android platform is simple to decompile, making it possible to create malicious applications similar to normal ones, and can easily distribute the created malicious apps through the Android third party app store. In this case, the Android malicious application in the smartphone causes several problems such as leakage of personal information in the device, transmission of premium SMS, and leakage of location information and call records. Therefore, it is necessary to select a optimal model that provides the best performance among the machine learning techniques that have published recently, and provide a technique to automatically identify malicious Android apps. Therefore, in this paper, after adopting the feature engineering to Android apps on official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides the optimal performance for Android malicious app detection.

Permissions based Automatic Android Malware Repair using Long Short Term Memory (롱 숏 텀 메모리를 활용한 권한 기반 안드로이드 말웨어 자동 복구)

  • Wu, Zhiqiang;Chen, Xin;Lee, Scott Uk-Jin
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • /
    • pp.387-388
    • /
    • 2019
  • As malicious apps vary significantly across Android malware, it is challenging to prevent that the end-users download apps from unsecured app markets. In this paper, we propose an approach to classify the malicious methods based on permissions using Long Short Term Memory (LSTM) that is used to embed the semantics among Intent and permissions. Then the malicious method that is an unsecured method will be removed and re-uploaded to official market. This approach may induce that the end-users download apps from official market in order to reduce the risk of attacks.

  • PDF

Identification of Counterfeit Android Malware Apps using Hyperledger Fabric Blockchain (블록체인을 이용한 위변조 안드로이드 악성 앱 판별)

  • Hwang, Sumin;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.20 no.2
    • /
    • pp.61-68
    • /
    • 2019
  • Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

A Study on Tainting Technique for leaking official certificates Malicious App Detection in Android (공인인증서 유출형 안드로이드 악성앱 탐지를 위한 Tainting 기법 활용 연구)

  • Yoon, Hanj Jae;Lee, Man Hee
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.27-35
    • /
    • 2018
  • The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

  • PDF

Experiments on An Network Processor-based Intrusion Detection (네트워크 프로세서 기반의 침입탐지 시스템 구현)

  • Kim, Hyeong-Ju;Kim, Ik-Kyun;Park, Dae-Chul
    • The KIPS Transactions:PartC
    • /
    • v.11C no.3
    • /
    • pp.319-326
    • /
    • 2004
  • To help network intrusion detection systems(NIDSs) keep up with the demands of today's networks, that we the increasing network throughput and amount of attacks, a radical new approach in hardware and software system architecture is required. In this paper, we propose a Network Processor(NP) based In-Line mode NIDS that supports the packet payload inspection detecting the malicious behaviors, as well as the packet filtering and the traffic metering. In particular, we separate the filtering and metering functions from the deep packet inspection function using two-level searching scheme, thus the complicated and time-consuming operation of the deep packet inspection function does not hinder or flop the basic operations of the In-line mode system. From a proto-type NP-based NIDS implemented at a PC platform with an x86 processor running Linux, two Gigabit Ethernet ports, and 2.5Gbps Agere PayloadPlus(APP) NP solution, the experiment results show that our proposed scheme can reliably filter and meter the full traffic of two gigabit ports at the first level even though it can inspect the packet payload up to 320 Mbps in real-time at the second level, which can be compared to the performance of general-purpose processor based Inspection. However, the simulation results show that the deep packet searching is also possible up to 2Gbps in wire speed when we adopt 10Gbps APP solution.

Dynamic Evaluation Methods for SMS Phishing Blocking App Based on Detection Setup Function (감지설정기능을 적용한 스미싱 차단앱의 동적 평가방법에 관한 연구)

  • Kim, Jang Il;Kim, Myung Gwan;Kwon, Young Man;Jung, Yong Gyu
    • Journal of Service Research and Studies
    • /
    • v.5 no.2
    • /
    • pp.111-118
    • /
    • 2015
  • Although the development of mobile devices are made us a free life, they were displayed the subject of this financial crime and attacking forces in the other side. Among finance-related crime is become a serious crime that are targeting smartphones by SMS phishing, phishing, pharming, voice phishing etc. In particular, SMS phishing is increased according to phenomenon using the nature of a text message in the mobile. SMS phishing is become new crime due to the burden to the smartphone user. Their crime is also the advanced way from the existing fraud, such as making the malicious apps. Especially it generates loopholes in the law by a method such as using a foreign server. For safe from SMS phishing attacks, proactive pre-diagnosis is even more important rather than post responses. It is necessary to deploy blocking programs for detecting SMS phishing attacks in advance to do this. In this paper we are investigating the process of block types and block apps that are currently deployed and presenting the evaluation of the application of the detection block setting app.