Malicious Trojan Horse Application Discrimination Mechanism using Realtime Event Similarity on Android Mobile Devices

  • Received : 2014.02.07
  • Accepted : 2014.03.19
  • Published : 2014.06.30

Abstract

A large number of Android mobile applications have recently been developed and deployed through the Android open market as the number of users of Android-based smart work devices has grown. However, malicious applications developed and distributed through the open market or third-party markets have exposed security vulnerabilities in Android-based mobile devices. Most malicious applications contain malicious code in the form of a Trojan horse, which leaks the personal and financial information stored on the mobile device to an external server without the user's knowledge. Therefore, to minimize the damage caused by the constantly increasing number of malicious applications, a proactive detection mechanism needs to be developed. In this paper, we analyze the pros and cons of existing techniques for detecting malicious applications, propose a mechanism that collects the events occurring during real-time execution on Android mobile devices and discriminates malicious applications based on Jaccard similarity, and present the discrimination and detection results obtained with this mechanism for mobile malicious apps.
