• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.159-168
• /
• 2017

Smartphone malware has increased because Smartphone users has increased and smartphones are widely used in everyday life. Since 2012, Android has been the most mobile operating system. Owing to the open nature of Android, countless malware are in Android markets that seriously threaten Android security. Most of Android malware detection program does not detect malware to which bypass techniques apply and also does not detect unknown malware. In this paper, we propose lightweight method for detection of Android malware using static analysis and deep learning techniques. For experiments we crawl 7,000 apps from the Google Play Store and collect 6,120 malwares. The result show that proposed method can achieve 98.05% detection accuracy. Also, proposed method can detect about unknown malware families with good performance. On smartphones, the method requires 10 seconds for an analysis on average.

• Journal of Internet Computing and Services
• /
• v.14 no.6
• /
• pp.125-139
• /
• 2013

Distribution of malicious applications developed by attackers is increasing along with general normal applications due to the openness of the Android-based open market. Mechanism that allows more accurate ways to distinguish normal apps and malicious apps for common mobile devices should be developed in order to reduce the damage caused by the rampant malicious applications. This paper analysed the normal event pattern from the most highly used game apps in the Android open market to analyse the event pattern from normal apps and malicious apps of mobile devices that are based on the Android platform, and analysed the malicious event pattern from the malicious apps and the disguising malicious apps in the form of a game app among 1260 malware samples distributed by Android MalGenome Project. As described, experiment that extracts normal app and malicious app events was performed using Strace, the Linux-based system call extraction tool, targeting normal apps and malicious apps on Android-based mobile devices. Relevance analysis for each event set was performed on collected events that occurred when normal apps and malicious apps were running. This paper successfully extracted event similarity through this process of analyzing the event occurrence characteristics, pattern and distribution on each set of normal apps and malicious apps, and lastly suggested a mechanism that determines whether any given app is malicious.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.31-43
• /
• 2014

Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.1-10
• /
• 2020

The mobile application based on the Android platform is simple to decompile, making it possible to create malicious applications similar to normal ones, and can easily distribute the created malicious apps through the Android third party app store. In this case, the Android malicious application in the smartphone causes several problems such as leakage of personal information in the device, transmission of premium SMS, and leakage of location information and call records. Therefore, it is necessary to select a optimal model that provides the best performance among the machine learning techniques that have published recently, and provide a technique to automatically identify malicious Android apps. Therefore, in this paper, after adopting the feature engineering to Android apps on official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides the optimal performance for Android malicious app detection.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.6
• /
• pp.907-913
• /
• 2022

Approximately 70% of smartphone users around the world use Android operating system-based smartphones, and malicious apps targeting these Android platforms are constantly increasing. Google has provided "Google Play Protect" to respond to the increasing number of Android targeted malware, preventing malicious apps from being installed on smartphones, but many malicious apps are still normal. It threatens the smartphones of ordinary users registered in the Google Play store by disguising themselves as apps. However, most people rely on antivirus programs to detect malicious apps because the average user needs a great deal of expertise to check for malicious apps. Therefore, in this paper, we propose a method to classify unnecessary malicious permissions of apps by using only the categories and permissions that can be easily confirmed by the app, and to easily detect malicious apps through the classified permissions. The proposed method is compared and analyzed from the viewpoint of undiscovered rate and false positives with the "commercial malicious application detection program", and the performance level is presented.

• Journal of Internet of Things and Convergence
• /
• v.6 no.4
• /
• pp.65-72
• /
• 2020

In this paper, we developed a web-based DApp system based on a private blockchain by applying machine learning techniques to automatically identify Android malicious apps that are continuously increasing rapidly. The optimal machine learning model that provides 96.2587% accuracy for Android malicious app identification was selected to the authorized experimental data, and automatic identification results for Android malicious apps were recorded/managed in the Hyperledger Fabric blockchain system. In addition, a web-based DApp system was developed so that users who have been granted the proper authority can use the blockchain system. Therefore, it is possible to further improve the security in the Android mobile app usage environment through the development of the machine learning-based Android malicious app identification block chain DApp system presented. In the future, it is expected to be able to develop enhanced security services that combine machine learning and blockchain for general-purpose data.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.902-904
• /
• 2022

스마트폰 사용자 수가 증가함에 따라 스미싱, 몸캠피싱, 메신저 피싱과 같은 정보통신망을 이용한 범죄가 큰 폭으로 증가하고 있다. 이러한 범죄 피해는 다양한 연령층에서 발생하고 있다. 본 논문에서는 국내 모바일 운영체제 점유율이 가장 높은 안드로이드 운영체제를 대상으로 하는 패킹된 악성 앱 언패킹을 수행하고 시그니처 기반 탐지 도구인 Yara 를 통해 악성 앱에 사용된 패커를 식별하는 통합 악성 앱 언패킹 시스템을 제공하여 악성 앱을 이용한 범죄 대응에 도움을 줄 수 있을 것으로 기대된다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.374-376
• /
• 2022

The Malware App Analysis Tool is a system that analyzes Android-based apps by the AI-based algorithm defined in the tool and detects whether malware code is included. Currently, as the spred of smartphones is activated, crimes using malware apps have increased, and accordingly, security for malware apps is required. Android operating systems used in smartphones have a share of more than 70% and are open-source-based, so not only will there be many vulnerabilities and malware, but also more damage to malware apps, increasing demand for tools to detect and analyze malware apps. However, this paper is proposed because there are many difficulties in designing and developing a malware app analysis tool because the security functional requirements for the malware app analysis tool are not clearly specified. Through the developed protection profile, technology can be improved based on the design and development of malware app analysis tools, safety can be secured by minimizing damage to malware apps, and furthermore, trust in malware app analysis tools can be guaranted through common criteria.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1491-1498
• /
• 2017

As the use of smartphones and the launch of various apps have increased rapidly, the number of malicious apps has also increased, and the damage is continuing. The Google Market where Android apps are registered is inevitably present at the same time as normal apps and malicious apps even though there are regulations for app registration. Especially, as social networks are activated, users are connected with social networks, and the ratings, downloads and awareness information are reflected in the number of downloaded apps. As a result, when users choose their apps by simply reflecting ratings, popularity, popular comments, and highly-categorized apps, malicious app downloads can sometimes cause significant harm. Therefore, this study first analyzed the tendency of malicious apps by directly crawling and analyzing long-term social information in the currently active Android market.

• Journal of the Korea Convergence Society
• /
• v.8 no.3
• /
• pp.49-61
• /
• 2017

Recently, convenience and usability are increasing with the development and deployment of various mobile applications on the Android platform. However, important information stored in the smartphone is leaked to the outside without knowing the user since the malicious mobile application is continuously increasing. A variety of mobile vaccines have been developed for the Android platform to detect malicious apps. Recently discovered server-based polymorphic(SSP) malicious mobile apps include obfuscation techniques. Therefore, it is not easy to detect existing mobile vaccines because some other form of malicious app is newly created by using SSP mechanism. In this paper, we analyze the correlation between the similarity of the method in the DEX file constituting the core malicious code and the permission similarity measure through APK de-compiling process for the SSP malicious app. According to the analysis results of DEX method similarity and permission similarity, we could extract the characteristics of SSP malicious apps and found the difference that can be distinguished from the normal app.