• Title/Summary/Keyword: Android malicious apps

Search Result 63, Processing Time 0.028 seconds

Probabilistic K-nearest neighbor classifier for detection of malware in android mobile (안드로이드 모바일 악성 앱 탐지를 위한 확률적 K-인접 이웃 분류기)

  • Kang, Seungjun;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.817-827 / 2015
  • In modern society, people have a close relationship with their smartphones. This makes it easier for hackers to obtain a user's information by installing malware on the user's smartphone without the user's authorization. Such actions are a threat to the user's privacy. The characteristics of malware differ from those of general applications: it requires the user's authority. In this paper, we propose a new classification method based on the user requirements of each application, using Principal Component Analysis (PCA) and Probabilistic K-Nearest Neighbor (PKNN). Combining these methods improves the classification between malware and general applications. Under K-fold cross validation, the measurement precision of PKNN is improved compared to the earlier K-Nearest Neighbor (KNN). Classifications that are difficult to solve with KNN can also be solved with PKNN by optimizing the parameters k and $\beta$. The samples used in this experiment are based on Contagio.

Modeling and Selecting Optimal Features for Machine Learning Based Detections of Android Malwares (머신러닝 기반 안드로이드 모바일 악성 앱의 최적 특징점 선정 및 모델링 방안 제안)

  • Lee, Kye Woong;Oh, Seung Taek;Yoon, Young
    • KIPS Transactions on Software and Data Engineering / v.8 no.11 / pp.427-432 / 2019
  • In this paper, we propose three approaches to modeling Android malware. The first method involves human security experts meticulously selecting feature sets. With the second approach, we choose the 300 features with the highest importance among the top 99% of features in terms of occurrence rate. The third approach is to combine multiple models and identify malware through weighted voting. In addition, we applied a novel method of eliminating permission information, which used to be regarded as a critical factor for distinguishing malware. With our carefully generated feature sets and the weighted voting by the ensemble algorithm, we were able to reach the highest malware detection accuracy of 97.8%. We also verified that discarding the permission information led to an improvement in false positive and false negative rates.

Relationship Analysis between Malware and Sybil for Android Apps Recommender System (안드로이드 앱 추천 시스템을 위한 Sybil공격과 Malware의 관계 분석)

  • Oh, Hayoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.5 / pp.1235-1241 / 2016
  • Personalized app recommendation systems have recently become popular as the number of apps that can be used on smartphones increases exponentially. However, users of the Google Play site who encounter malware have suffered severe damage such as privacy exposure and extortion, as well as the simpler damage of reduced satisfaction. In addition, Sybil attacks (Sybil) that manipulate the score (rating) of each app may also be present because of the development of social networks. Up until now, Sybil detection studies and malicious app studies have been conducted independently. However, when considering intelligent attack types in real time, it is important to determine whether an intelligent attack using Sybil and malware simultaneously exists. Therefore, in this paper we experimentally evaluate the relationship between malware and Sybils based on a real crawled dataset from Google Play. Through extensive evaluations, we find that the correlation between malware and Sybils is low, as malware providers seek to hide themselves from Anti-Virus (AV).

The Method for Managing Apps of Android Systems Using White List. (화이트리스트를 이용한 안드로이드 앱 관리 방안)

  • Jee, Gyeong-Bae;Lim, Hyung-Min;Kim, Pill-Jung;Jyun, Mun-Suk
    • Proceedings of the Korea Information Processing Society Conference / 2012.11a / pp.981-983 / 2012
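  • Many users use smartphones and download a variety of apps through domestic and foreign app stores. Apps distributed through app stores are verified by each store's own verification system, but the methods are not uniform. Users even install and use apps through channels other than app stores, and are therefore exposed to threats from various malicious apps. This paper presents a method of registering and managing verified apps in a whitelist so that users install and use verified apps.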

Analyzing Ad Injection Apps in Android (안드로이드 환경에서의 광고 인젝션 앱 분석)

  • Koo, Seong-Min;Kim, Deok-Han;Oh, Se-Ra;Kim, Young-Gab
    • Proceedings of the Korea Information Processing Society Conference / 2018.10a / pp.257-259 / 2018
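  • As the mobile environment develops, security threats from the existing PC environment are moving to the mobile environment, and the malicious ad injection that occurred in the PC environment is likewise moving to mobile. Malicious ad injection interferes with revenue generation for content providers by obstructing the display of legitimate ads, and causes inconvenience to users through unwanted ads. Several studies have been conducted to prevent malicious ad injection in the mobile environment, but research on the characteristics of malicious ad injection apps is still lacking. Therefore, in this paper we analyze the apps that actually perform malicious ad injection among those selected through GPC (Google Play Crawler), derive the characteristics of malicious ad apps, and describe how the derived characteristics can be used.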

An Effective Technique for Protecting Application Data using Security Enhanced (SE) Android in Rooted Android Phones (루팅된 안드로이드 폰에서 SEAndroid를 이용한 효과적인 앱 데이터 보호 기법)

  • Jeong, Youn-sik;Cho, Seong-je
    • Journal of KIISE / v.44 no.4 / pp.352-362 / 2017
  • This paper analyzes security threats in Security Enhanced (SE) Android and proposes a new technique to efficiently protect application data, including private information, on rooted Android phones. On an unrooted device, application data can be accessed only by the application itself according to the access control models. However, on a rooted device, a root-privileged shell can disable part or all of the access control model enforcement procedures. Therefore, a root-privileged shell can directly access sensitive data of other applications, and a malicious application can leak the data of other applications outside the device. To address this problem, the proposed technique allows only some specific processes to access the data of other applications, including private information, by modifying the existing SEAndroid Linux Security Module (LSM) hook function. Also, a new process domain type is added to the target system to enforce stronger security rules. In addition, the proposed technique separates the directory type of a newly installed application from the directory type of previously installed applications. Experimental results show that the proposed technique can effectively protect the data of each application and incurs a performance overhead of 2 seconds or less.

Privacy Situation and Countermeasures of Financial Apps based on the Android operating system (모바일 앱 개인정보 침해현황 및 대응방안 (금융, 안드로이드 운영체제 중심으로))

  • Kim, Bo;Lim, Jong-In;Jo, Yong-Hyun
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.14 no.6 / pp.267-272 / 2014
  • The number of customers registered for mobile banking services through smartphones reached 40 million in the first quarter of 2014, an increase of 8.5% (3.6 million) compared to the figure at the end of 2013. On average, 1 trillion 627.6 billion won is transacted daily through smartphone banking, and there is increased psychological bullying caused by malignant code which changes normal to malignant. This paper analyzes the current state of the personal information collection and management authority required by financial smartphone app services, and recommends measures to protect financial consumers by minimizing the collection of personal information in smartphone financial app services.

An APK Overwrite Scheme for Preventing Modification of Android Applications (안드로이드 앱 변조 방지를 위한 APK 덮어쓰기 기법)

  • Choi, Byungha;Shim, HyungJoon;Lee, ChanHee;Cho, Sangwook;Cho, Seong-Je
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.5 / pp.309-316 / 2014
  • It is easy to reverse engineer an Android app package file (APK) and get its decompiled source code. Therefore, attackers obtain economic benefits by illegally using the decompiled source code, or modify an app by inserting malware. To address these problems in Android, we propose an APK overwrite scheme that protects apps against illegal modification by using a new anti-reverse engineering technique. In this paper, the targets are apps written by any programmer. For a target app (original app), the server system (1) makes a copy of the target app, (2) encrypts the target app, (3) creates a stub app by replacing the DEX (Dalvik Executable) of the copied version with our stub DEX, and then (4) distributes the stub app as well as the encrypted target app to smartphone users. The users download both the encrypted target app and the corresponding stub app. Whenever the stub app is executed on a smartphone, the stub app and our launcher app decrypt the encrypted target app, overwrite the stub app with the decrypted target app, and execute the decrypted one. Every time the target app ends its execution, the decrypted app is deleted. To verify the feasibility of the proposed scheme, experiments with several popular apps are carried out. The results of the experiments demonstrate that our scheme is effective for preventing reverse engineering and tampering of Android apps.

Avoiding Automatic Android App Analysis by Detecting Random Touch Generation (무작위 터치 발생 탐지를 이용한 안드로이드 앱 자동 분석 회피에 관한 연구)

  • Yun, Han Jae;Lee, Man Hee
    • Convergence Security Journal / v.15 no.7 / pp.21-29 / 2015
  • As the number of malicious Android applications increases rapidly, many automatic analysis systems have been proposed. Hoping to trigger as many malicious behaviors as possible, these automatic analysis systems are adopting random touch generation modules. In this paper, we propose a way to differentiate real human touches from randomly generated touches. Through experiments, we found that the distance between two consecutive human touches is shorter than that of a random generation module. We also found that human touch speed is limited. In addition, humans rarely touch the outer area of the smartphone screen. Using statistics of human smartphone touches, we developed an algorithm to differentiate between human touches and randomly generated touches. We hope this research will help enhance automatic Android app analysis systems.

A Code Concealment Method using Java Reflection and Dynamic Loading in Android (안드로이드 환경에서 자바 리플렉션과 동적 로딩을 이용한 코드 은닉법)

  • Kim, Jiyun;Go, Namhyeon;Park, Yongsu
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.17-30 / 2015
  • Unlike the existing, widely used bytecode-centric methodology for obfuscating Android application code, the scheme in this paper encrypts a file, i.e. the DEX file, extracted from an arbitrary Android application. It then suggests a method for making a loader app that executes the encrypted file's code after saving the file in an arbitrary folder. The encrypted DEX file in the loader app includes the original code and some of the Manifest information, in order to conceal event-handling information. The loader app's Manifest contains the original app's Manifest information except for the information included in the encrypted DEX. First, using our scheme, an attacker can make malicious code that includes obfuscated code to avoid anti-virus software. Second, a software developer can make an application with its main algorithm hidden to protect copyright using the suggested technology. We implement a prototype on Android 4.4.2 (KitKat) and check the obfuscation capacity for malicious code at VirusTotal to show effectiveness.