• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.27-35
• /
• 2018

This paper is a study to classify malicious applications in Android environment. And studying the threat and behavioral analysis of malicious Android applications. In addition, malicious apps classified by machine learning were performed as experiments. Android behavior analysis can use dynamic analysis tools. Through this tool, API Calls, Runtime Log, System Resource, and Network information for the application can be extracted. We redefined the properties extracted for machine learning and evaluated the results of machine learning classification by verifying between the overall features and the main features. The results show that key features have been improved by 1~4% over the full feature set. Especially, SVM classifier improved by 10%. From these results, we found that the application of the key features as a key feature was more effective in the performance of the classification algorithm than in the use of the overall features. It was also identified as important to select meaningful features from the data sets.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.8
• /
• pp.738-745
• /
• 2014

Recently, mobile users continuously increase, and mobile applications also increase As mobile applications increase, the mobile users used to store sensitive and private information such as Bank information, location information, ID, password on their mobile devices. Therefore, recent malicious application targeted to mobile device instead of PC environment is increasing. In particular, since the Android is an open platform and includes security vulnerabilities, attackers prefer this environment. This paper analyzes the performance of malware detection system applying linear SVM machine learning classifier to detect Android malware application. This paper also performs feature selection in order to improve detection performance.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.47-54
• /
• 2017

In this paper, we propose a connected car platform architecture called Mobile Second for developing of verity convergence services. A Mobile Second platform architecture is designed to provide more powerful and diverse convergence services for vehicles and drivers by applying technologies of Connected Car and ICT Convergence in various ways. The Mobile Second platform is implemented by applying Tizen IVI and Android to hardware platforms for IVI, Nexcom's VTC1010 and Freescale's i.MX6q/dl respectively. The Mobile Second platform provides the driver with the vehicle's information via IVI devices, mobile devices and PCs, etc., and provides Vehicle Selective Gateway(VSG) and Vehicle Control Framework for the driver to control his/her vehicle, and also provides a web framework to enable the use of VSG's APIs for the monitoring and controlling the vehicle information in various mobile environments as well as IVI devices. Since the Mobile Second platform aims to create new variety of services for Connected Car, it includes service frameworks for Smart Care / Self diagonostics, Mood & Entertainment services, and Runtime, libraries and APIs needed for the development of related applications. The libraries given by the Mobile Second Platform provides both a native library for native application support and a Java Script-based library for web application support, minimizing the dependency on the platform and contributing the convenience of developers at the same time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.643-653
• /
• 2018

Xamarin is a representative cross-platform development framework that allows developers to write mobile apps in C# for multiple mobile platforms, such as Android, iOS, or Windows Phone. Using Xamarin, mobile app developers can reuse existing C# code and share significant code across multiple platforms, reducing development time and maintenance costs. Meanwhile, malware authors can also use Xamarin to spread malicious apps on more platforms, minimizing the time and cost of malicious app creation. In order to cope with this problem, it is necessary to analyze and detect malware written with Xamarin. However, little studies have been conducted on static analysis methods of the apps written in Xamarin. In this paper, we examine the structure of Android apps written with Xamarin and propose a static analysis technique for the apps. We also demonstrate how to statically reverse-engineer apps that have been transformed using code obfuscation. Because the Android apps written with Xamarin consists of Java bytecode, C# based DLL libraries, and C/C++ based native libraries, we have studied static reverse engineering techniques for these different types of code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.519-529
• /
• 2019

Nowadays, intelligent Android malware applies anti-analysis techniques to hide malicious behaviors and make it difficult for anti-virus vendors to detect its presence. Malware can use background components to hide harmful operations, use activity-alias to get around with automation script, or wipe the logcat to avoid forensics. During our study, several static analysis tools can not extract these hidden components like main activity, and dynamic analysis tools also have problem with code coverage due to partial execution of android malware. In this paper, we design and implement a system to analyze intelligent malware that uses anti-analysis techniques to improve detection rate of evasive malware. It extracts the hidden components of malware, runs background components like service, and generates all the intent events defined in the app. We also implemented a real-time logging system that uses modified logcat to block deleting logs from malware. As a result, we improve detection rate from 70.9% to 89.6% comparing other container based dynamic analysis platform with proposed system.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.4
• /
• pp.99-105
• /
• 2015

As increasing the use of smart phones, the interest of iOS and Android operating system is growing up. In this paper, a novel steganographic method based on Android platform is proposed. Firstly, we analyze the skia based image format that is supporting 2D graphic libraries in Android operating system. Then, we propose a new data hiding method based on the Android bitmap image format. The proposed method hides the secret data on the four true color areas which include Alpha, Red, Green, Blue. In especial, we increase the embedding capacity of the secret data on the Alpha area with a less image distortion. The experimental results show that the proposed method has a higher embedding capacity and less distortion by changing the size of the secret bits on the Alpha area.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.72-80
• /
• 2016

Recently, IM(Instant Messenger) of KakaoTalk is being used on smart devices such as smartphones. Because IM service can carry user and/or suspector's various information including life style, geographical position, psychology and crime history, forensic analysis on IM service is desirable. But, forensic analysis for KakaoTalk is not well studied yet. This paper studies a proper forensic method for KakaoTalks, finds artifacts location, reconstruct the list of contacts and the chronology of the messages that have been exchanged by users. Proposed methodology and analyzed information can provide a basic platform for forensic tool.

• Annual Conference of KIPS
• /
• 2013.11a
• /
• pp.711-714
• /
• 2013

구글의 안드로이드 플랫폼은 오픈 소스의 특성으로 인해 스마트 폰 제조사와 통신 사업자, 일반 사용자들의 많은 관심을 받고 있으며 2013년 2분기에는 전 세계 스마트 폰 시장에서 점유율 79.3%라는 결과를 얻게 되었다. 하지만 안드로이드의 높은 점유율만큼 안드로이드 플랫폼에 대한 공격들 또한 많아지고 있다. 이러한 공격들로부터 안드로이드 플랫폼의 보안성을 향상시키기 위해 많은 보안 기능들이 안드로이드에 탑재되고 개선되고 있지만, 보안 기능이 개선되는 만큼 새로운 보안 취약성들도 발견되고 있다. 본 연구에서는 안드로이드에서 제공하는 응용 프로그램 권한 기법에 대한 보안 취약성을 분석하고 그에 대한 향상된 보안 대책을 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.11
• /
• pp.6849-6855
• /
• 2014

Recently, with the increasing use of smart phones, security issues, such as safety and reliability of the use of the Android application has become a topic to provide services in various forms. An Android application is performed using several important files in the form of an apk file. On the other hand, they may be subject to unauthorized use, such as the loss of rights and privileges due to the insertion of malicious source code of these apk files. This paper examines the Android environment to study ways to define the threats related to the unauthorized use of the application source code, and based on the results of the analysis, to prevent unauthorized use of the application source code. In this paper, a system is provided using a third body to prevent and detect applications that have been counterfeited or forged illegally and installed on Android devices. The application provides services to existing systems that are configured with only the service server that provides users and applications general, This paper proposes the use of a trusted third party for user registration and to verify the integrity of the application, add an institution, and provide a safe application.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.3
• /
• pp.151-156
• /
• 2013

Android that was made by Google and Open Handset Alliance is the open source software toolkit for mobile phone. In a few years, Android will be used by millions of Android mobile phones and other mobile devices, and become the main platform for application developers. In this paper, the integrated login application based on Google's Android platform is developed. The main features of the mobile combination login application content based on Android are as follows. First, the application has more convenient login functionality than the functionality of general web browser as the web browser of the mobile-based applications(web browser style applications) as well as security features and faster screen(view) capability by reducing the amount of data transfer. Second, the application is so useful for management of ID and Password, and it can easily manage multiple ID information such as message, mail, profile. The results of performance evaluation of the developed application show the functionality that can login many kinds of portal sites simultaneously as well as the ability that can maintain login continuously. Currently, we are trying to develope a couple of the technologies that can insert multiple accounts into one ID and check all information on one screen.