Malicious Application Determination Using the System Call Event

Malicious Application Determination Using System Call Event Analysis

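  • 윤석민 (Department of Computer Engineering, Hanshin University)
  • 함유정 (Department of Computer Engineering, Hanshin University)
  • 한근식 (Division of Computer Engineering, Hanshin University)
  • 이형우 (Division of Computer Engineering, Hanshin University)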
  • Received : 2014.10.15
  • Accepted : 2015.02.27
  • Published : 2015.04.30

Abstract

The smartphone market has grown rapidly in recent years, and the application market has grown significantly along with it. Mobile applications are provided in various forms, such as education, games, SNS, weather and news, and are distributed through a variety of channels. As a result, alongside applications that are useful in everyday life, the distribution of malicious applications built with malicious objectives is also increasing sharply. In this study, we extracted and analyzed events from normal applications distributed through the open market and from malicious applications provided by the Android MalGenome Project. Using the results, we built a model to determine whether an arbitrary application is malicious. Finally, the model was evaluated using a variety of statistical measures.
