• 제목/요약/키워드: Mobile malware

검색결과 71건 처리시간 0.04초

모바일 환경에서 실시간 악성코드 URL 탐지 및 차단 연구 (A Study of Realtime Malware URL Detection & Prevention in Mobile Environment)

  • 박재경
    • 한국컴퓨터정보학회논문지
    • /
    • 제20권6호
    • /
    • pp.37-42
    • /
    • 2015
  • 본 논문에서는 악성코드에 대한 피해를 실시간으로 탐지하고 차단하기 위해 모바일 내부에 악성링크에 대한 데이터베이스를 저장하고 또한 악성링크 탐지 엔진을 통해 웹 서비스를 통제함으로 인해 보다 안전한 모바일 환경을 제공하고자 한다. 최근 모바일 환경에서의 악성코드는 PC 환경 못지않게 기승을 부리고 있으며 새로운 위협이 되고 있다. 특히 모바일 특성상 악성코드의 피해는 사용자의 금전적인 피해로 이어진다는 것이 더 중요한 이유이다. 이러한 사이버 범죄를 어떻게 예방하고 실시간으로 차단할 수 있을 것 인지에 대해 많은 연구가 진행되고 있지만 초보적인 수준에 불과한 실정이다. 추가적으로 SMS나 MMS를 통해 전달되는 스미싱도 탐지 및 차단할 수 있는 방안을 제안하고자 한다. 향후 모바일 사업자는 본 연구를 바탕으로 한 근본적인 대책을 수립하여 안전한 모바일 환경을 구축해야 할 것이다.

ANNs on Co-occurrence Matrices for Mobile Malware Detection

  • Xiao, Xi;Wang, Zhenlong;Li, Qi;Li, Qing;Jiang, Yong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제9권7호
    • /
    • pp.2736-2754
    • /
    • 2015
  • Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android

  • Lee, Han Seong;Lee, Hyung-Woo
    • International journal of advanced smart convergence
    • /
    • 제6권1호
    • /
    • pp.1-8
    • /
    • 2017
  • Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.

변조 업데이트를 통해 전파되는 모바일 악성어플리케이션 모델 연구 (A Research on Mobile Malware Model propagated Update Attacks)

  • 주승환;서희석
    • 디지털산업정보학회논문지
    • /
    • 제11권2호
    • /
    • pp.47-54
    • /
    • 2015
  • The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

A Novel Approach to Trojan Horse Detection in Mobile Phones Messaging and Bluetooth Services

  • Ortega, Juan A.;Fuentes, Daniel;Alvarez, Juan A.;Gonzalez-Abril, Luis;Velasco, Francisco
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제5권8호
    • /
    • pp.1457-1471
    • /
    • 2011
  • A method to detect Trojan horses in messaging and Bluetooth in mobile phones by means of monitoring the events produced by the infections is presented in this paper. The structure of the detection approach is split into two modules: the first is the Monitoring module which controls connection requests and sent/received files, and the second is the Graphical User module which shows messages and, under suspicious situations, reports the user about a possible malware. Prototypes have been implemented on different mobile operating systems to test its feasibility on real cellphone malware. Experimental results are shown to be promising since this approach effectively detects various known malware.

Actual Condition and Issues for Mobile Security System

  • Sakurai, Kouichi;Fukushima, Kazuhide
    • Journal of Information Processing Systems
    • /
    • 제3권2호
    • /
    • pp.54-63
    • /
    • 2007
  • The high-speed mobile Internet has recently been expanded, many attractive services are provided. However, these services require some form of security-related technology. This paper outlines Japanese mobile services and exposits some mobile security topics including mobile spam, mobile malware, mobile DRM system, mobile WiMAX security, and mobile key management.

선형 SVM을 사용한 안드로이드 기반의 악성코드 탐지 및 성능 향상을 위한 Feature 선정 (Linear SVM-Based Android Malware Detection and Feature Selection for Performance Improvement)

  • 김기현;최미정
    • 한국통신학회논문지
    • /
    • 제39C권8호
    • /
    • pp.738-745
    • /
    • 2014
  • 최근 모바일 사용자들이 증가하면서 모바일 어플리케이션 또한 계속적으로 증가하고 있다. 모바일 어플리케이션이 증가하면서 사용자들은 모바일 장치에 은행정보, 위치정보, 아이디, 패스워드 등의 민감한 정보들을 저장하고 있다. 따라서 최근에는 PC를 타겟으로 하는 악의적인 어플리케이션보다 모바일 장치를 타겟으로 하는 악의적인 어플리케이션들이 증가하고 있는 추세이다. 특히 안드로이드 플랫폼의 경우 오픈 플랫폼으로써 사용자들에게 악성 코드를 포함한 어플리케이션을 배포하기 유리한 환경을 가지고 있다. 본 논문에서는 안드로이드 환경에서 악성코드를 포함한 어플리케이션을 탐지하기 위해 선형 SVM(Support Vector Machine) 기계학습 분류기를 적용한 악성코드 탐지 시스템의 성능을 분석한다. 또한 모바일 악성코드의 탐지 성능 향상을 위한 feature를 제시하고, 의미있는 feature를 선정한다.

악성 안드로이드 앱 탐지를 위한 개선된 특성 선택 모델 (Advanced Feature Selection Method on Android Malware Detection by Machine Learning)

  • 부주훈;이경호
    • 정보보호학회논문지
    • /
    • 제30권3호
    • /
    • pp.357-367
    • /
    • 2020
  • 2018년 시만텍 보고서에 따르면, 모바일 환경에서 변종 악성 앱은 전년도 대비 54% 증가하였고, 매일 24,000개의 악성 앱이 차단되고 있다. 최근 연구에서는 기존 악성 앱 분석 기술의 사용 한계를 파악하고, 신·변종 악성 앱을 탐지하기 위하여 기계학습을 통한 악성 앱 탐지 기법이 연구되고 있다. 하지만, 기계학습을 적용하는 경우에도 악성 앱의 특성을 적절하게 선택하여 학습하지 못하면 올바른 결과를 보일 수 없다. 본 연구에서는 신·변종 악성 앱의 특성을 찾아낼 수 있도록 개선된 특성 선택 방법을 적용하여 학습 모델의 정확도를 최고 98%까지 확인할 수 있었다. 향후 연구를 통하여 정밀도, 재현율 등 특정 지표의 향상을 목표로 할 수 있다.

스마트폰 이용자의 악성코드용 모바일 백신 이용 의도에 영향을 미치는 요인 (The Factors Affecting Smartphone User's Intention to use Mobile Anti-Malware SW)

  • 장재영;김지동;김범수
    • 한국IT서비스학회지
    • /
    • 제13권2호
    • /
    • pp.113-131
    • /
    • 2014
  • Smartphone security threat has become an important issue in Information Science field following the wide distribution of smartphones. However, there are few studies related to such. Therefore, this study examined the factors affecting the intention of smartphone users to use the mobile vaccine against malware with the Protection Motivation Theory. To secure the reliability of the study, a surveying agency was commissioned. A total of 263 respondents, excluding 37 respondents who are users of iOS, which does not have mobile vaccine in the smart phone, or who gave invalid responses, were surveyed. The results showed that perception of the installed mobile vaccine significantly affected the Response Efficacy and Self-efficacy, and that the Perceived Severity, Perceived Vulnerability, Response Efficacy, and Self-efficacy significantly influenced the intention to use the mobile vaccine. On the other hand, Installation Perception of mobile vaccine itself did not affect the Perceived Severity and Perceived Vulnerability. This study is significant since it presented the new evaluation model of threat evaluation and response evaluation in the Protection Motivation Theory in accepting the security technology and raised the need for the promotion and exposure of mobile vaccine, since perception of mobile vaccine installation affects the response evaluation. It also found that the promotion must consider the seriousness of smartphone security, outstanding attribute of mobile vaccine, and user-friendliness of mobile vaccine above all.

모바일 환경에서 개인정보 유출 방지를 위한 개선 연구 (The Study of Improvement of Personal Information Leakage Prevention in Mobile Environment)

  • 최희식;조양현
    • 디지털산업정보학회논문지
    • /
    • 제11권3호
    • /
    • pp.53-62
    • /
    • 2015
  • Recently, number of tablet or Smartphone users increased significantly in domestic and around the world. But violation of personal information such as leakage, misuse and abuse are constantly occurring by using mobile devices which is very useful in our society. Therefore, in this paper it will talk about the problems in the network environment of the mobile environment such as tablet and Smartphone, Mobile Malware, hacking of the public key certificate, which could be potential threat to mobile environment. This thesis will research for people to use their mobile devices more reliable and safer in mobile environment from invasion and leakage of personal information. In order to use Smartphone safely, users have to use Wi-Fi and Bluetooth carefully in the public area. This paper will research how to use App safely and characteristic of risk of worm and Malware spreading. Because of security vulnerabilities of the public key certificate, it will suggest new type of security certification. In order to prevent from the information leakage and infect from Malware in mobile environment without knowing, this thesis will analyze the improved way to manage and use the mobile device.