Detection of Privacy Information Leakage for Android Applications by Analyzing API Inter-Dependency and the Shortest Distance

  • 김도래 (Hanyang University, Computer/Software) ;
  • 박용수 (Hanyang University, Computer Engineering)
  • Received : 2014.07.02
  • Reviewed : 2014.07.23
  • Published : 2014.09.15

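Abstract

To provide services to smartphone users, benign apps transmit certain personal information to external parties, and this behavior resembles that of malicious apps. In other words, if a benign app is partially manipulated for malicious purposes, it can easily be turned into a malicious app. It is therefore important, even for benign apps, to warn users of the possibility of privacy information leakage before installation in order to prevent potential malicious behavior. This paper proposes a method for detecting suspicious ordinary apps that may leak privacy information by computing the shortest distance between the privacy-acquisition nodes and the leakage nodes within the extracted API inter-dependency information. We implemented "LeakDroid" by applying the proposed method, and to validate it we conducted experiments using 250 malicious apps and 1,700 ordinary apps. The experiments achieved a detection rate of 96.4% for the malicious apps, and among the 1,700 ordinary apps, flows that raise suspicion of privacy information leakage were confirmed in 68 apps.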

In general, benign apps transmit privacy information to external parties in order to provide services to users, just as malicious apps do. In other words, the behavior of benign apps is similar to that of malicious apps, so a benign app can easily be manipulated for malicious purposes. Therefore, users should be notified before installation of the possibility of privacy information leakage, for benign apps as well as malicious ones, to prevent potential malicious behavior. In this paper, we propose a method to detect leakage of privacy information in Android apps by analyzing API inter-dependency and the shortest distance. We also present LeakDroid, which detects leakage of privacy information on Android using this method. Unlike dynamic approaches, LeakDroid analyzes Android apps on the market site. To verify LeakDroid's privacy information leakage detection, we ran experiments on 250 well-known malicious apps and 1700 benign apps collected from an Android third-party market. Our evaluation shows that LeakDroid reached a detection rate of 96.4% on the malicious apps and detected 68 true privacy information leakages among the 1700 benign apps.
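The shortest-distance idea from the abstract, sketched as an added example that is not LeakDroid's own code: a multi-source Dijkstra search from privacy-acquisition API nodes to the nearest leakage API node in a directed dependency graph. The source and sink sets, the unit edge weights, and the `com.example.*` graphs are assumptions constructed for illustration; the page does not specify them.

```python
import heapq

# Assumed source (acquisition) and sink (leakage) APIs; not taken from the paper.
SOURCES = {"TelephonyManager.getDeviceId", "LocationManager.getLastKnownLocation"}
SINKS = {"SmsManager.sendTextMessage", "HttpURLConnection.getOutputStream"}

def shortest_leak_path(graph, sources=SOURCES, sinks=SINKS):
    """Return (distance, path) from any source to the nearest sink, or None."""
    dist = {s: 0 for s in sources if s in graph}
    prev = {}
    heap = [(0, s) for s in dist]
    heapq.heapify(heap)
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry, a shorter route was already found
        if node in sinks:
            path = [node]
            while path[-1] in prev:  # walk predecessors back to the source
                path.append(prev[path[-1]])
            return d, path[::-1]
        for nxt, weight in graph.get(node, {}).items():
            nd = d + weight
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, node
                heapq.heappush(heap, (nd, nxt))
    return None  # no acquisition node reaches any leakage node

# Constructed graph: edge u -> v means v depends on u (assumed semantics).
LEAKY_APP = {
    "TelephonyManager.getDeviceId": {"com.example.Tracker.collect": 1},
    "LocationManager.getLastKnownLocation": {"com.example.MapView.draw": 1},
    "com.example.Tracker.collect": {"com.example.Net.encode": 1,
                                    "com.example.Log.debug": 1},
    "com.example.Net.encode": {"HttpURLConnection.getOutputStream": 1},
}
# Constructed graph where location is read but never flows to a sink.
CLEAN_APP = {
    "LocationManager.getLastKnownLocation": {"com.example.MapView.draw": 1},
    "com.example.Settings.sync": {"HttpURLConnection.getOutputStream": 1},
}

if __name__ == "__main__":
    for name, g in (("leaky", LEAKY_APP), ("clean", CLEAN_APP)):
        print(name, shortest_leak_path(g))
```

A short distance means the acquired value reaches a transmission API through few intermediate dependencies; any cut-off applied to that distance would be a tuning choice the page does not state.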

Keywords

Project Information

Research project supervising institution: National Research Foundation of Korea
