Design and Implementation of Malicious Application Detection System Using Event Aggregation on Android based Mobile Devices

Design and Implementation of a Malicious App Detection System Through Event Collection on Android Mobile Devices

  • Received : 2013.04.12
  • Accepted : 2013.05.15
  • Published : 2013.06.30

Abstract

As the mobile device environment matures, the use of Android-based mobile devices has grown rapidly. The number of attacks by malicious applications is also increasing, as the Android platform is inherently vulnerable to leakage of private information. Most of these malicious applications are easily distributed to general users through open markets or the internet. An attacker inserts malicious code into the app, which can then be used to steal private data and banking data such as SMS messages, contact lists, and public key certificates and send them to a remote server. To cope with these security threats more actively, it is necessary to develop a countermeasure system that can detect security vulnerabilities existing in mobile devices and take appropriate action to protect the system against malicious attacks. To this end, this paper aggregates diverse system events from multiple mobile devices and implements a system to detect attacks by malicious applications.

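As the mobile device environment has become more active, commercial mobile devices running the Android platform have become widespread. Recently, as security vulnerabilities have been found in Android-based mobile devices, attacks through malicious applications have surged. Most malicious applications are distributed through open markets or the internet and contain embedded malicious code that attempts to leak the device user's personal and financial information, such as SMS messages, the phone book, and public key certificates, to an external server. Accordingly, analysis of security vulnerabilities in commercial mobile devices and active countermeasures are needed. In this study, to minimize the damage caused by the recent surge in malicious apps, we designed and implemented a system that detects attacks by malicious applications running on mobile devices by collecting events generated on multiple mobile devices.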

