http://dx.doi.org/10.15207/JKCS.2017.8.4.025

Malicious App Discrimination Mechanism by Measuring Sequence Similarity of Kernel Layer Events on Executing Mobile App  

Lee, Hyung-Woo (School of Computer Engineering, Hanshin University)
Publication Information
Journal of the Korea Convergence Society / v.8, no.4, 2017, pp. 25-36
Abstract
As the number of smartphone users has increased in recent years, a wide variety of applications have been developed and used, especially for Android-based mobile devices. However, malicious applications developed by attackers are also distributed through third-party open markets, and damage such as leakage of users' personal or financial information from mobile terminals is continuously increasing. To prevent this, users of Android-based mobile terminals need a method for distinguishing malicious apps from normal apps. In this paper, we analyze existing research that detects malicious apps by extracting the system call events that occur when an app is executed. Based on this, we propose a technique that identifies malicious apps by analyzing the sequence similarity of kernel layer events that occur while an app runs on commercial Android mobile devices.
Keywords
Android; malicious apps; system calls; event similarity; detection mechanisms
Citations & Related Records
Times Cited By KSCI: 6