Method to Analyze Information Leakage Malware using SSL Communication in Android Platform

  • Cho, Gilsu (Computer Science and Engineering, Chungnam National University) ;
  • Kim, Sangwho (Computer Science and Engineering, Chungnam National University) ;
  • Ryou, Jaecheol (Computer Science and Engineering, Chungnam National University)
  • Received : 2017.10.23
  • Accepted : 2018.04.17
  • Published : 2018.06.30

Abstract

Smartphones are widely used around the world, offer many features, and can store content such as contacts, photos, and videos. The amount of information that can be leaked has grown in proportion to the amount of information a smartphone can store. In recent years, incidents such as personal information leakage have occurred frequently. Personal information leakage is happening in the Android environment, which accounts for more than half of the smartphone operating system market share. Analyzing malicious apps that leak information can show how to prevent such leakage. Malicious apps that leak information send important information to the hacker's (C&C) server over the network. Recently emerging malicious apps encrypt this information and transmit it through SSL communication, which makes it difficult to know what kind of information is exposed on the network. We therefore propose a method to analyze malicious apps that leak important information through SSL communication. In this paper, we identify how malicious apps leak information and propose a method for analyzing information leaked over SSL communication. The data before encryption was confirmed on the device using SSL hooking and the SSL Strip method.
