• Title/Summary/Keyword: 악성 어플리케이션 분류

Search Result 8, Processing Time 0.027 seconds

Malware Application Classification based on Feature Extraction and Machine Learning for Malicious Behavior Analysis in Android Platform (안드로이드 플랫폼에서 악성 행위 분석을 통한 특징 추출과 머신러닝 기반 악성 어플리케이션 분류)

  • Kim, Dong-Wook;Na, Kyung-Gi;Han, Myung-Mook;Kim, Mijoo;Go, Woong;Park, Jun Hyung
    • Journal of Internet Computing and Services
    • /
    • v.19 no.1
    • /
    • pp.27-35
    • /
    • 2018
  • This paper is a study to classify malicious applications in Android environment. And studying the threat and behavioral analysis of malicious Android applications. In addition, malicious apps classified by machine learning were performed as experiments. Android behavior analysis can use dynamic analysis tools. Through this tool, API Calls, Runtime Log, System Resource, and Network information for the application can be extracted. We redefined the properties extracted for machine learning and evaluated the results of machine learning classification by verifying between the overall features and the main features. The results show that key features have been improved by 1~4% over the full feature set. Especially, SVM classifier improved by 10%. From these results, we found that the application of the key features as a key feature was more effective in the performance of the classification algorithm than in the use of the overall features. It was also identified as important to select meaningful features from the data sets.

Linear SVM-Based Android Malware Detection and Feature Selection for Performance Improvement (선형 SVM을 사용한 안드로이드 기반의 악성코드 탐지 및 성능 향상을 위한 Feature 선정)

  • Kim, Ki-Hyun;Choi, Mi-Jung
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39C no.8
    • /
    • pp.738-745
    • /
    • 2014
  • Recently, mobile users continuously increase, and mobile applications also increase As mobile applications increase, the mobile users used to store sensitive and private information such as Bank information, location information, ID, password on their mobile devices. Therefore, recent malicious application targeted to mobile device instead of PC environment is increasing. In particular, since the Android is an open platform and includes security vulnerabilities, attackers prefer this environment. This paper analyzes the performance of malware detection system applying linear SVM machine learning classifier to detect Android malware application. This paper also performs feature selection in order to improve detection performance.

A Study proposal for URL anomaly detection model based on classification algorithm (분류 알고리즘 기반 URL 이상 탐지 모델 연구 제안)

  • Hyeon Wuu Kim;Hong-Ki Kim;DongHwi Lee
    • Convergence Security Journal
    • /
    • v.23 no.5
    • /
    • pp.101-106
    • /
    • 2023
  • Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.

The Detection of Android Malicious Apps Using Categories and Permissions (카테고리와 권한을 이용한 안드로이드 악성 앱 탐지)

  • Park, Jong-Chan;Baik, Namkyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.6
    • /
    • pp.907-913
    • /
    • 2022
  • Approximately 70% of smartphone users around the world use Android operating system-based smartphones, and malicious apps targeting these Android platforms are constantly increasing. Google has provided "Google Play Protect" to respond to the increasing number of Android targeted malware, preventing malicious apps from being installed on smartphones, but many malicious apps are still normal. It threatens the smartphones of ordinary users registered in the Google Play store by disguising themselves as apps. However, most people rely on antivirus programs to detect malicious apps because the average user needs a great deal of expertise to check for malicious apps. Therefore, in this paper, we propose a method to classify unnecessary malicious permissions of apps by using only the categories and permissions that can be easily confirmed by the app, and to easily detect malicious apps through the classified permissions. The proposed method is compared and analyzed from the viewpoint of undiscovered rate and false positives with the "commercial malicious application detection program", and the performance level is presented.

Android Malware Detection Using Permission-Based Machine Learning Approach (머신러닝을 이용한 권한 기반 안드로이드 악성코드 탐지)

  • Kang, Seongeun;Long, Nguyen Vu;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.617-623
    • /
    • 2018
  • This study focuses on detection of malicious code through AndroidManifest permissoion feature extracted based on Android static analysis. Features are built on the permissions of AndroidManifest, which can save resources and time for analysis. Malicious app detection model consisted of SVM (support vector machine), NB (Naive Bayes), Gradient Boosting Classifier (GBC) and Logistic Regression model which learned 1,500 normal apps and 500 malicious apps and 98% detection rate. In addition, malicious app family identification is implemented by multi-classifiers model using algorithm SVM, GPC (Gaussian Process Classifier) and GBC (Gradient Boosting Classifier). The learned family identification machine learning model identified 92% of malicious app families.

A Study of Office Open XML Document-Based Malicious Code Analysis and Detection Methods (Office Open XML 문서 기반 악성코드 분석 및 탐지 방법에 대한 연구)

  • Lee, Deokkyu;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.3
    • /
    • pp.429-442
    • /
    • 2020
  • The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.

A Study on SMiShing Application Detection Technique (SMiShing 어플리케이션 탐지 모델에 관한 연구)

  • Chang, Hyun Soo;Shon, Taeshik
    • Annual Conference of KIPS
    • /
    • 2014.04a
    • /
    • pp.416-419
    • /
    • 2014
  • 스미싱(SMiShing) 공격은 문자메시지(SMS)를 이용하여 정보를 유출하거나 타인에게 피해를 주는 행위를 일컫는다. 본 논문에서는 공격자의 공격유형에 따라 스미싱을 "직접 정보 유출", "파밍/피싱 사이트 유도", "악성어플리케이션 다운로드 유도"로 분류하였고 스미싱 공격의 시나리오를 통해 스미싱 공격을 표현하였다. 그 후 스미싱 방지 기술 동향을 파악을 위한 기존의 대응 기법들을 조사를 하고 기존의 스미싱 탐지 기법인 URL 검사와 APK 파일 분석 기법을 접목시킨 스미싱 탐지 모델을 제안한다.

Flash Malware Detection Method by Using Flash Tag Frequency (플래시 TAG Frequency를 이용한 악성 플래시 탐지 기술)

  • Jung, Wookhyun;Kim, Sangwon;Choi, Sangyong;Noh, Bongnam
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2015.05a
    • /
    • pp.259-263
    • /
    • 2015
  • The vulnerabilities related to Flash player which is widely used in internet browsers and office programs are gradually increased. To detect Flash malwares, previous work focuses on predefined features of ActionScript. However above work cannot detect new/mutated Flash malwares, since predefined features could not cover the new patterns of new/mutated Flash mawares. To solve this problem, we propose a Flash malware detection method that uses machine learning to learn Flash Tag patterns and classify Flash by using machine learning.

  • PDF