• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.8
• /
• pp.2964-2983
• /
• 2015

As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.59-66
• /
• 2018

Android Things is an Android-based platform running in Google's IoT environment. Android smartphones require permissions from application users to use certain features, but in the case of Android Things, there is no display to send request notifications to users. Therefore Does not make a request to use the permissions and automatically accepts the permissions from the system. If the privilege is used indiscriminately, malicious behavior such as system failure or leakage of personal information can be performed by a function which is not related to the function originally. Therefore, By monitoring the privileges that a device uses in an Android-based IoT system, users can proactively respond to security threats that can arise through unauthorized use of the IoT system. This paper proposes a system that manages the rights currently being used by IoT devices in the Android Things based IoT environment, so that Android-based IoT devices can cope with irrelevant use of rights.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4658-4679
• /
• 2017

Android is now the most popular smartphone platform and remains rapid growth. There are huge number of sensitive privacy information stored in Android devices. Kinds of methods have been proposed to detect Android malicious applications and protect the privacy information. In this work, we focus on extracting the fine-grained features to maximize the information of Android malware detection, and selecting the least joint features to minimize the number of features. Firstly, permissions and APIs, not only from Android permissions and SDK APIs but also from the developer-defined permissions and third-party library APIs, are extracted as features from the decompiled source codes. Secondly, feature selection methods, including information gain (IG), regularization and particle swarm optimization (PSO) algorithms, are used to analyze and utilize the correlation between the features to eliminate the redundant data, reduce the feature dimension and mine the useful joint features. Furthermore, regularization and PSO are integrated to create a new joint feature mining method. Experiment results show that the joint feature mining method can utilize the advantages of regularization and PSO, and ensure good performance and efficiency for Android malware detection.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.6
• /
• pp.907-913
• /
• 2022

Approximately 70% of smartphone users around the world use Android operating system-based smartphones, and malicious apps targeting these Android platforms are constantly increasing. Google has provided "Google Play Protect" to respond to the increasing number of Android targeted malware, preventing malicious apps from being installed on smartphones, but many malicious apps are still normal. It threatens the smartphones of ordinary users registered in the Google Play store by disguising themselves as apps. However, most people rely on antivirus programs to detect malicious apps because the average user needs a great deal of expertise to check for malicious apps. Therefore, in this paper, we propose a method to classify unnecessary malicious permissions of apps by using only the categories and permissions that can be easily confirmed by the app, and to easily detect malicious apps through the classified permissions. The proposed method is compared and analyzed from the viewpoint of undiscovered rate and false positives with the "commercial malicious application detection program", and the performance level is presented.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.387-388
• /
• 2019

As malicious apps vary significantly across Android malware, it is challenging to prevent that the end-users download apps from unsecured app markets. In this paper, we propose an approach to classify the malicious methods based on permissions using Long Short Term Memory (LSTM) that is used to embed the semantics among Intent and permissions. Then the malicious method that is an unsecured method will be removed and re-uploaded to official market. This approach may induce that the end-users download apps from official market in order to reduce the risk of attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1145-1157
• /
• 2012

Google Android employs a security model based on application permissions to control accesses to system resources and components of other applications from a potentially malicious program. But, this model has security vulnerabilities due to lack of user comprehension and excessive permission requests by 3rd party applications. Broadcast intent message is widely used as a primary means of communication among internal application components. However, this mechanism has also potential security problems because it has no security policy related with it. In this paper, we first present security breach scenarios caused by inappropriate use of application permissions and broadcast intent messages. We then analyze and compare usage patterns of application permissions and broadcast intent message for popular applications on Android market and malwares, respectively. The analysis results show that there exists a characteristic set for application permissions and broadcast intent receiver that are requested by typical malwares. Based on the results, we propose a scheme to detect applications that are suspected as malicious and notify the result to users at installation time.

• Journal of KIISE
• /
• v.42 no.8
• /
• pp.1022-1030
• /
• 2015

The context-awareness of mobile applications yields several issues for testing, since mobile applications should be able to be tested in any environment and under any contextual input. In previous studies of testing for Android applications as an event-driven system, many researchers have focused on using generated test cases considering only Graphical User Interface (GUI) events. However, it is difficult to find failures that could be detected when considering the changes in the context in which applications run. It is even more important to consider various contexts since the mobile applications adapt and use the new features and sensors of mobile devices. In this paper, we provide a method of systematically generating various executing contexts from permissions. By referring to the lists of permissions, the resources used by the applications for running Android applications can be easily inferred. To evaluate the efficiency of our testing method, we applied the method on two open source projects and showed that it contributes to improve the statement code coverage.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.89-96
• /
• 2021

In this paper, we proposed a sniffer to detect permission smells from developer and third-party libraries' code. Moreover, we conducted an empirical study to investigate unnecessary permissions on large real-world Android apps. Our analysis indicates that permission smell extensively exists in Android apps. According to the results, permission smells exist in most Android apps. In particular, third-party libraries request permission for functionalities that are not used by developers, which cause more smells. Moreover, most developers do not properly disable unnecessary permissions that are declared for third-party libraries. We discussed the impacts of permission smells on user experiences. As a result, the existence of permission smell does not impact the number of downloads. However, apps that have more unnecessary permissions have received lower ratings from users.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.367-372
• /
• 2022

In the age of smartphones, users accomplish their daily tasks using their smartphones due to the significant growth in smartphone technology. Due to these tremendous expansions, attackers are highly motivated to penetrate numerous mobile marketplaces with their developed malicious apps. Android has the biggest proportion of the overall market share when compared to other platforms including Windows, iOS, and Blackberry. This research will discuss the Android security features, vulnerabilities and threats, in addition to some existing protection mechanisms.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.959-981
• /
• 2017

Existing Android malware detection approaches mostly have concentrated on superficial features such as requested or used permissions, which can't reflect the essential differences between benign apps and malware. In this paper, we propose a quantitative calculation model of application risks based on the key observation that the essential differences between benign apps and malware actually lie in the way how permissions are used, or rather the way how their corresponding permission methods are used. Specifically, we employ a fine-grained analysis on Android application risks. We firstly classify application risks into five specific categories and then introduce comprehensive risk, which is computed based on the former five, to describe the overall risk of an application. Given that users' risk preference and risk-bearing ability are naturally fuzzy, we design and implement a fuzzy logic system to calculate the comprehensive risk. On the basis of the quantitative calculation model, we propose a risk classification based approach for Android malware detection. The experiments show that our approach can achieve high accuracy with a low false positive rate using the RandomForest algorithm.