Malware Classification System to Support Decision Making of App Installation on Android OS

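  • 유홍렬 (Graduate School of Information, Yonsei University) ;
  • 장윤 (Department of Computer Engineering, Sejong University) ;
  • 권태경 (Graduate School of Information, Yonsei University)
  • Received : 2015.08.20
  • Reviewed : 2015.09.25
  • Published : 2015.12.15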

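Abstract

The Android system provides permission-based access control and requires users to decide whether to install an app based on the permissions the app holds, but most users tend to ignore this step or pass over it unknowingly. An improved method is therefore needed so that users can intuitively carry out the role given to them at this important step. In this paper, we study and propose a new machine-learning-based technique that can immediately support user decision making for the permission-based access control system. Specifically, we modified the K-nearest neighbors algorithm to suit this purpose and studied how to judge the likelihood that an app is malicious, using 152 Android permissions as features. The experiment showed an accuracy of about 93.5%, a better classification result than existing studies that use similar algorithms or use only permissions as features. This is because a weighted sum is reflected in the class selection of the K-nearest neighbors algorithm. We expect the results of this study to help users make decisions when reviewing permissions and installing apps.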

Although Android systems provide a permission-based access control mechanism and require the user to decide whether to install an app based on its permission list, many users tend to ignore this phase. Thus, an improved method is necessary for users to intuitively make informed decisions when installing a new app. In this paper, with regard to the permission-based access control system, we present a novel approach based on a machine-learning technique in order to support user decision making on the fly. We apply the K-NN (K-Nearest Neighbors) classification algorithm with necessary weighted modifications for malicious app classification, and use 152 Android permissions as features. Our experiment shows a superior classification result (93.5% accuracy) compared to previous work. We expect that our method can help users make informed decisions at the installation step.
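The sketch below is an added example, not code from the paper: it contrasts plain majority-vote K-NN with a weighted vote over binary permission vectors, the kind of class-selection change the abstract credits for its result. The weight 1 / (1 + Hamming distance), the eight-permission feature set and the training samples are assumptions constructed for illustration; this page does not give the paper's exact weighting.

```python
from collections import defaultdict

# Eight real Android permission names stand in for the paper's 152 features.
PERMS = ["INTERNET", "READ_CONTACTS", "SEND_SMS", "RECEIVE_SMS",
         "READ_PHONE_STATE", "ACCESS_FINE_LOCATION", "CAMERA",
         "RECEIVE_BOOT_COMPLETED"]

# Constructed training set (not real apps): requested permissions and label.
TRAIN = [
    ({"INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE",
      "RECEIVE_BOOT_COMPLETED"}, "malicious"),
    ({"INTERNET", "SEND_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED",
      "READ_CONTACTS"}, "malicious"),
    ({"READ_CONTACTS", "RECEIVE_SMS", "CAMERA", "ACCESS_FINE_LOCATION"},
     "malicious"),
    ({"INTERNET", "CAMERA", "READ_PHONE_STATE"}, "benign"),
    ({"INTERNET", "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED"}, "benign"),
    ({"INTERNET", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION"}, "benign"),
]

def vectorize(perms):
    """Binary feature vector: 1 if the app requests the permission."""
    return tuple(int(p in perms) for p in PERMS)

def nearest(perms, k):
    """The k training samples closest in Hamming distance, as (dist, label)."""
    x = vectorize(perms)
    scored = [(sum(a != b for a, b in zip(x, vectorize(s))), label)
              for s, label in TRAIN]
    return sorted(scored, key=lambda t: t[0])[:k]

def knn_majority(perms, k=5):
    """Plain K-NN: every neighbour has one vote."""
    votes = defaultdict(int)
    for _, label in nearest(perms, k):
        votes[label] += 1
    return max(votes, key=votes.get)

def knn_weighted(perms, k=5):
    """Assumed weighting: each neighbour votes with 1 / (1 + distance).
    Returns (label, malicious share of the total weight)."""
    votes = defaultdict(float)
    for dist, label in nearest(perms, k):
        votes[label] += 1.0 / (1 + dist)
    return max(votes, key=votes.get), votes["malicious"] / sum(votes.values())

# Constructed query: two very close malicious neighbours, three farther benign.
QUERY = {"INTERNET", "SEND_SMS", "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED"}
```

For `QUERY`, the unweighted vote is outnumbered by three distant benign neighbours, while the weighted vote follows the two near-identical malicious samples; the returned share can be shown to the user as a risk score at install time.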

Keywords

Project Information

Research project host organization : National Research Foundation of Korea
