• Proceedings of the KAIS Fall Conference
• /
• 2012.05b
• /
• pp.835-838
• /
• 2012

최근 스마트폰의 폭팔적인 증가와 함께 사용 환경개선도 이루어 지고 있다. 또한 Wi-Fi 존의 증가와 LTE같은 빠른 네트워크 환경은 사용자 중심의 수 많은 앱을 탄생시키고 있다. 안드로이드는 애플의 iOS와는 다른 오픈소스 정책으로 플랫폼 소스가 공개되어 있어 많은 개발자가 쉽게 접근이 가능하다. 그러나 안드로이드는 앱(App) 검증 체계가 미흡하기 때문에 악성코드 등으로 인한 위협요소가 존재하고 있다. 또한 파일 시스템은 임의적 접근제어방식으로 공격자가 취약점을 통해 관리자 권한을 얻어 시스템 자원을 제어할 수 있기 때문에 위협요소가 다분하다. 본 논문에서는 스마트폰 앱이 호출하는 시스템 API 및 네트워크 자원사용 패턴을 분석하여 부정 앱을 차단하는 방법을 제안하였다. 제안 방법으로 실험한 결과 API호출 빈도 및 자원 사용률이 최소 기준치 이하로 검출된 경우를 제외한 평가대상은 모두 검출하여 보안성 강화에 효과적인 것으로 실험을 통하여 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.812-815
• /
• 2010

최근 들어 안드로이드폰, 아이폰, 옴니아폰 등의 스마트폰 사용자가 많이 증가하고 있고 전자상거래 등 그 이용분야 또한 점점 증가되고 있는 추세이다. 많은 사용자들이 스마트폰 환경에 접어들면서 삶의 질이 향상되어지고 있다. 하지만 이렇게 모바일 환경으로 변화되면서 여러 가지 많은 문제점도 발견되어지고 있는데 그중 대표적인 이슈로 논의되어지고 있는 문제 중 하나가 스마트폰에서의 보안취약성에 대한 내용인데 본 논문은 스마트폰 중 안드로이드 환경에서의 보안문제를 짚어보고 악성코드 같은 바이러스로부터 이를 보호하기위해서는 어떤 점이 필요한지 개선안을 제시하고 이를 해결하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.1106-1107
• /
• 2011

개방형 플랫폼이라는 안드로이드의 특성을 이용해 블랙마켓 애플리케이션이 급격히 활성화 되어 불법 애플리케이션이 유통 되고 있다. 불법 애플리케이션의 유통은 마켓의 수익 구조가 파괴되어 개발자들의 개발 의지를 저하시켜 마켓의 활성화를 저해하는 요인이 되며 악성코드 배포의 경로가 된다. 이에 본 논문에서는 스마트폰 애플리케이션을 공식적으로 유통하는 안드로이드 마켓과 비공식적으로 유통하는 블랙마켓 "Blackmart Alpha"의 월별 애플리케이션 등록건수를 비교 분석해 불법 애플리케이션 유통의 현황을 파악하였다. 이는 향후 애플리케이션의 불법적 접근을 사전에 대응하는 방법과 함께 불법적으로 변형된 애플리케이션을 검증할 수 있는 방법 위한 것이다.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.61-67
• /
• 2012

Accordingly the number of smart-phone-based malicious codes is also increasing and their techniques for malicio us purpose are getting more clever and evolved. Among them, the malicious codes related to Android take the major portion and it can be estimated that they are based on open source so that the access to the system is easy. Intent is a technique to support the communication between application's components by transmitting message subjects in Android. Intent provides convenience to developers, but it can be utilized as security vulnerability that allows the developer with a malicious purpose to control the system as intended. The vulnerability of intent security is that personal information can be accessed using discretionally its proper function given to application and smart phone's functions can be maliciously controlled. This paper improves with the Intent security vulnerability caused by the smart phone users' discretional use of custom kernel. Lastly, it verifies the malicious behaviors in the process of installing an application and suggests a technique to watch the Intent security vulnerability in realtime after its installation.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06a
• /
• pp.42-44
• /
• 2012

최근 안드로이드 애플리케이션의 수가 폭발적으로 증가함에 따라, 개인정보 유출 등 악성 행위를 하는 애플리케이션의 수 또한 증가하고 있다. 이에 대응하기 위해 스마트폰에서 개인정보 유출을 막기 위한 연구가 진행되어 왔으나, 이를 우회하는 악성코드도 지속적으로 출현하고 있다. 본 논문에서는 안드로이드 플랫폼에서 개인정보 유출을 방지하기 위해 안전한 저장소를 적용하는 방법을 제안한다. 기존의 UID와 퍼미션(Permission)에 의한 자원 접근제어와 달리, 안전한 저장소는 자원에 접근하는 주체의 권한(Privilege)에 관계없이 오직 app_Whitelist에 명시된 애플리케이션만이 해당 자원에 접근을 할 수 있도록 허용한다. 본 제안 방법을 위해 시스템 콜 후킹, 디렉터리명 변경, app_Whitelist 구축 등을 구현하였으며, 제안 방법을 적용하여 사용자 수준 및 커널 수준의 불법 데이터 접근을 차단할 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.11
• /
• pp.123-130
• /
• 2022

Recently, studies on the detection and classification of Android malware based on API Call sequence have been actively carried out. However, API Call sequence based malware classification has serious limitations such as excessive time and resource consumption in terms of malware analysis and learning model construction due to the vast amount of data and high-dimensional characteristic of features. In this study, we analyzed various classification models such as LightGBM, Random Forest, and k-Nearest Neighbors after significantly reducing the dimension of features using PCA(Principal Component Analysis) for CICAndMal2020 dataset containing vast API Call information. The experimental result shows that PCA significantly reduces the dimension of features while maintaining the characteristics of the original data and achieves efficient malware classification performance. Both binary classification and multi-class classification achieve higher levels of accuracy than previous studies, even if the data characteristics were reduced to less than 1% of the total size.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.499-505
• /
• 2014

According to the increasing use of smart devices such as smart phones and tablets, the service that targets mobile office, finance and e-government for convenience of usage and productivity has emerged significantly. As a result, important information is treated with the smart devices and also, the malicious activity that targets smart devices is increasing steadily. In particular, the damage case by harmful sites, malware distribution sites and phishing sites that targets smart devices has occurred steadily and it has emerged as a social issue. In the case of smart devices, the Android platform is occupied the 90% in Korea, 2013 therefore the method of device block level is required to resolve the social issues of smart devices. In this paper, we propose a method that can be effectively blocked when you try to access an illegal site to Web browser on the Android platform and develop the application and also analyze the wrong site block function.

• Journal of Internet Computing and Services
• /
• v.21 no.6
• /
• pp.13-21
• /
• 2020

The Android author identification study can be interpreted as a method for revealing the source in a narrow range, but if viewed in a wide range, it can be interpreted as a study to gain insight to identify similar works through known works. The problem found in the Android author identification study is that it is an important code on the Android system, but it is difficult to find the important feature of the author due to the meaningless codes. Due to this, legitimate codes or behaviors were also incorrectly defined as malicious codes. To solve this, we introduced the concept of survival network to solve the problem by removing the features found in various Android apps and surviving unique features defined by authors. We conducted an experiment comparing the proposed framework with a previous study. From the results of experiments on 440 authors' identified apps, we obtained a classification accuracy of up to 92.10%, and showed a difference of up to 3.47% from the previous study. It used a small amount of learning data, but because it used unique features without duplicate features for each author, it was considered that there was a difference from previous studies. In addition, even in comparative experiments with previous studies according to the feature definition method, the same accuracy can be shown with a small number of features, and this can be seen that continuously overlapping meaningless features can be managed through the concept of a survival network.

• Journal of KIISE
• /
• v.42 no.9
• /
• pp.1100-1108
• /
• 2015

Classes.dex, which is the executable file for android operation system, has Java bite code format, so that anyone can analyze and modify its source codes by using reverse engineering. Due to this characteristic, many android applications using classes.dex as executable file have been illegally copied and distributed, causing damage to the developers and software industry. To tackle such ill-intended behavior, this paper proposes a technique to encrypt classes.dex file using an AES(Advanced Encryption Standard) encryption algorithm and decrypts the applications encrypted in such a manner in order to prevent reverse engineering of the applications. To reinforce the file against reverse engineering attack, hash values that are obtained from substituting a hash equation through the combination of salt values, are used for the keys for encrypting and decrypting classes.dex. The experiments demonstrated that the proposed technique is effective in preventing the illegal duplication of classes.dex-based android applications and reverse engineering attack. As a result, the proposed technique can protect the source of an application and also prevent the spreading of malicious codes due to repackaging attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1087-1097
• /
• 2017

As the penetration rate of smartphones increases, the number of malicious codes targeting smartphones is increasing. I 360 Security 's smartphone malware statistics show that malicious code increased 437 percent in the first quarter of 2016 compared to the fourth quarter of 2015. In particular, malicious applications, which are the main means of distributing malicious code on smartphones, are aimed at leakage of user information, data destruction, and money withdrawal. Often, it is operated by an API, which is an interface that allows you to control the functions provided by the operating system or programming language. In this paper, we propose a mechanism to detect malicious application based on the similarity of API pattern in normal application and malicious application by learning pattern of API in application derived from static analysis. In addition, we show a technique for improving the detection rate and detection rate for each label derived by using the corresponding mechanism for the sample data. In particular, in the case of the proposed mechanism, it is possible to detect when the API pattern of the new malicious application is similar to the previously learned patterns at a certain level. Future researches of various features of the application and applying them to this mechanism are expected to be able to detect new malicious applications of anti-malware system.