http://dx.doi.org/10.7472/jksii.2018.19.1.27

Malware Application Classification based on Feature Extraction and Machine Learning for Malicious Behavior Analysis in Android Platform  

Kim, Dong-Wook (Department of Computer Engineering, Gachon Univ)
Na, Kyung-Gi (Department of Computer Engineering, Gachon Univ)
Han, Myung-Mook (Department of Computer Engineering, Gachon Univ)
Kim, Mijoo (Security R&D Team 1, KOREA INTERNET & SECURITY AGENCY)
Go, Woong (Security R&D Team 1, KOREA INTERNET & SECURITY AGENCY)
Park, Jun Hyung (Security R&D Team 1, KOREA INTERNET & SECURITY AGENCY)
Publication Information
Journal of Internet Computing and Services / v.19, no.1, 2018, pp. 27-35
Abstract
This paper studies the classification of malicious applications in the Android environment. It also examines the threats posed by malicious Android applications and the analysis of their behavior. In addition, experiments were performed in which malicious apps were classified by machine learning. Android behavior analysis can use dynamic analysis tools. With such a tool, API calls, runtime logs, system resource data, and network information for an application can be extracted. We redefined the extracted properties for machine learning and evaluated the machine learning classification results by comparing the full feature set with the key features. The results show that the key features yielded an improvement of 1~4% over the full feature set; the SVM classifier in particular improved by 10%. From these results, we found that using the key features was more effective for the performance of the classification algorithm than using the full feature set. Selecting meaningful features from the data sets was also identified as important.
Keywords
Android; Behavior Analysis; Feature Extraction; Correlation Analysis; Malware Application Classification
Citations & Related Records
Times Cited By KSCI: 1