http://dx.doi.org/10.13089/JKIISC.2016.26.1.187

A Scheme for Identifying Malicious Applications Based on API Characteristics  

Cho, Taejoo (Soongsil University)
Kim, Hyunki (Soongsil University)
Lee, Junghwan (Soongsil University)
Jung, Moongyu (Samsung Electronics)
Yi, Jeong Hyun (Soongsil University)
Abstract
Android applications are inherently vulnerable to repackaging attacks, in which malicious code is easily inserted into an application that is then re-signed by the attacker. These days, private or personal information is often leaked. In principle, all Android applications are composed of user-defined methods and APIs. Besides providing access to platform resources, APIs serve as the practical functional features of an application, and user-defined methods act as features by using those APIs. In this paper, we propose a scheme that analyzes the sensitive APIs most often used in malicious applications, in terms of how malicious applications operate and which APIs they use. Based on the characteristics of the target APIs, we accumulate knowledge about such APIs using a machine learning scheme based on the Naive Bayes algorithm. From the learned results, we are able to provide a fine-grained numeric score for the degree of vulnerability of mobile applications. In doing so, we expect the proposed scheme to help mobile application developers identify the security level of applications in advance.
Keywords
Android Malware; Android Repackaging Attack; API Classification; Naive Bayes Classification