Optimal Machine Learning Model for Detecting Normal and Malicious Android Apps


  • 이형우 (Division of Computer Engineering, Hanshin University) ;
  • 이한성 (Graduate School, Department of Computer Engineering, Hanshin University)
  • Received : 2020.04.20
  • Accepted : 2020.06.23
  • Published : 2020.06.30

Abstract

Mobile applications built on the Android platform are simple to decompile, which makes it possible to create malicious applications that resemble normal ones, and the resulting malicious apps can easily be distributed through third-party Android app stores. Once installed on a smartphone, such a malicious application causes problems such as leakage of personal information stored on the device, transmission of premium SMS messages, and leakage of location information and call records. It is therefore necessary to select the model that provides the best performance among recently published machine learning techniques and to provide a technique that automatically identifies malicious Android apps. In this paper, after applying feature engineering to Android apps from an official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides optimal performance for Android malicious app detection.
