Study on DNN Based Android Malware Detection Method for Mobile Environment

A Study on a DNN-Based Malicious App Detection Method Suited to Mobile Environments

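  • 유진현 (Department of Information Security, Graduate School of Information Security, Korea University) ;
  • 서인혁 (Department of Information Security, Graduate School of Information Security, Korea University) ;
  • 김승주 (Department of Cyber Defense / Graduate School of Information Security, Korea University)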
  • Received : 2016.11.30
  • Accepted : 2016.12.13
  • Published : 2017.03.31

Abstract

Smartphone malware has increased as the number of smartphone users has grown and smartphones have become widely used in everyday life. Since 2012, Android has been the most widely used mobile operating system. Owing to the open nature of Android, countless malicious apps exist in Android markets and seriously threaten Android security. Most Android malware detection programs do not detect malware that applies bypass techniques, nor do they detect unknown malware. In this paper, we propose a lightweight method for detecting Android malware using static analysis and deep learning techniques. For the experiments, we crawled 7,000 apps from the Google Play Store and collected 6,120 malware samples. The results show that the proposed method achieves 98.05% detection accuracy. The proposed method also detects unknown malware families with good performance. On smartphones, the method requires 10 seconds on average for an analysis.

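As the number of smartphone users grows and smartphones are widely used in everyday life together with a variety of services, malware targeting smartphone users is also increasing. Android has been the most widely used smartphone operating system since 2012, but because of the openness of Android markets, numerous malicious apps exist in the markets and pose a threat to users. The rule-based detection methods used by most current Android malicious app detection programs can be easily bypassed and also have difficulty responding to new malicious apps. In this paper, we propose a method that combines static analysis of apps with deep learning to detect malicious apps directly on the smartphone. When evaluated on a collected data set of 6,120 malicious apps and 7,000 benign apps, the proposed method classified malicious and benign apps with 98.05% accuracy, showed good performance in detecting malicious app families it had not been trained on, and performed its analysis in about 10 seconds on average in a smartphone environment.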
