• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.4
• /
• pp.177-180
• /
• 2013

A software birthmark means inherent characteristics that can be used to identify a program. Because the software birthmark is difficult to remove by simple program transformation, it can be used to detect code theft. In this paper, we propose a birthmark technique based on API k-gram of Android applications. Android SDK provides various libraries that help programmers to develop application easily. In order to use Android SDK, we have to use API method calls. The API call instructions are hard to be replaced or removed, so they can be a inherent characteristics of an application. To show the effectiveness of the proposed birthmark, we compared it with previous birthmarks and evaluated it with open source applications. From the experiments, we verified that the credibility and resilience of our birthmark is higher than previous birthmarks.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.5
• /
• pp.945-952
• /
• 2023

In this paper, GRS chip driven JNI code application SW design based on Android platform was designed and fabricated as motion gesture frame module based on Android platform. The serial data reception module design proposed by the application-based network support API technology was designed with Android-based module design, Android-based module implementation, and Android-based function module implementation design. The data information of the sensor could be checked through Android applications such as classes of serial communication drivers, libraries, and frameworks for receiving data from wireless communication devices through Android OS applications. In addition, applications in Android implement application SW that can judge motion gestures in four directions using Java.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.60-63
• /
• 2010

최근 모바일 플랫폼으로 부상하고 있는 Google사의 안드로이드는 2008년 9월에 안드로이드의 첫 번째 공식 SDK 버전 1.0을 출시하여 현재(2010년 3월) SDK 버전 2.1까지 출시하였다. 안드로이드 플랫폼에서 블루투스 디바이스를 제어하기 위해 개발자들은 Android SDK의 Bluetooth API가 필요하게 되는데 이는 1.0~1.6버전까지는 지원 되지 않고 2.0 버전부터 공개가 되었다. 하지만 문제점은 안드로이드 2.0이 발표되기 이전에 나왔던 대부분의 안드로이드 단말은 2.0 업데이트 펌웨어를 현재까지도 지원하지 않고 있다는 것에 있다. Bluetooth API는 Android SDK 2.0 버전 이상에서만 사용 가능하기 때문에 개발자들이 개발한 블루투스 어플리케이션의 최소 펌웨어 버전 요구사항이 2.0 이상 일 수밖에 없는 것이다. 이 연구에서는 안드로이드 1.x 버전에서 사용될 수 있는 블루투스 API의 개발에 대해 알아보고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.1
• /
• pp.454-475
• /
• 2018

This paper presents a novel Android malware classification model planned to classify and categorize Android malicious code at Drebin dataset. The amount of malicious mobile application targeting Android based smartphones has increased rapidly. In this paper, Restricted Boltzmann Machine and Deep Belief Network are used to classify malware into families of Android application. A texture-fingerprint based approach is proposed to extract or detect the feature of malware content. A malware has a unique "image texture" in feature spatial relations. The method uses information on texture image extracted from malicious or benign code, which are mapped to uncompressed gray-scale according to the texture image-based approach. By studying and extracting the implicit features of the API call from a large number of training samples, we get the original dynamic activity features sets. In order to improve the accuracy of classification algorithm on the features selection, on the basis of which, it combines the implicit features of the texture image and API call in malicious code, to train Restricted Boltzmann Machine and Back Propagation. In an evaluation with different malware and benign samples, the experimental results suggest that the usability of this method---using Deep Belief Network to classify Android malware by their texture images and API calls, it detects more than 94% of the malware with few false alarms. Which is higher than shallow machine learning algorithm clearly.

• Journal of Digital Convergence
• /
• v.9 no.2
• /
• pp.131-140
• /
• 2011

As the recent advances in network and wireless communications and semiconductor design and process technologies, our computing platform is rapidly shifting from desktop PCs to mobile devices such as UMPC (Ultra Mobile PC), Tablet PC, and Smartphone. Especially, wide-spreading Smartphones allow a new field of application based on location based services available with an user interface called augmented reality (AR). Therefore, this paper introduces an implementation of AR using various OpenAPls on Android Smartphones. In order to utilize enrich user data in real time, the system integrates with location based social network services also with OpenAPI. These APIs enable third-party developers to make use of rich contents of many portal web sites. The prototype was implemented on the real Android phone, Sky Sirius, and the result shows that it can provide an efficient location based service using AR technology without any constraints on mobile devices; in addition, it connects SNS to AR for sharing user data including photos, videos, and messages based on a specific location.

• Journal of KIISE
• /
• v.41 no.9
• /
• pp.707-714
• /
• 2014

In general, the benign apps transmit privacy information to the external to provide service to users as the malicious app does. In other words, the behavior of benign apps is similar to the one of malicious apps. Thus, the benign app can be easily manipulated for malicious purposes. Therefore, the malicious apps as well as the benign apps should notify the users of the possibility of privacy information leakage before installation to prevent the potential malicious behavior. In this paper, We propose the method to detect leakage of privacy information on the android app by analyzing API inter-dependency and shortest distance. Also, we present LeakDroid which detects leakage of privacy information on Android with the above method. Unlike dynamic approaches, LeakDroid analyzes Android apps on market site. To verify the privacy information leakage detection of LeakDroid, we experimented the well-known 250 malicious apps and the 1700 benign apps collected from Android Third party market. Our evaluation result shows that LeakDroid reached detection rate of 96.4% in the malicious apps and detected 68 true privacy information leakages inside the 1700 benign apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.187-196
• /
• 2016

Android applications are inherently vulnerable to a repackaging attack such that malicious codes are easily inserted into an application and then resigned by the attacker. These days, it occurs often that such private or individual information is leaked. In principle, all Android applications are composed of user defined methods and APIs. As well as accessing to resources on platform, APIs play a role as a practical functional feature, and user defined methods play a role as a feature by using APIs. In this paper we propose a scheme to analyze sensitive APIs mostly used in malicious applications in terms of how malicious applications operate and which API they use. Based on the characteristics of target APIs, we accumulate the knowledge on such APIs using a machine learning scheme based on Naive Bayes algorithm. Resulting from the learned results, we are able to provide fine-grained numeric score on the degree of vulnerabilities of mobile applications. In doing so, we expect the proposed scheme will help mobile application developers identify the security level of applications in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.105-115
• /
• 2019

Recently, intelligent Android malicious codes have become difficult to detect malicious behavior by static analysis alone. Malicious code with SO file, dynamic loading, and string obfuscation are difficult to extract information about original code even with various tools for static analysis. There are many dynamic analysis methods to solve this problem, but dynamic analysis requires rooting or emulator environment. However, in the case of dynamic analysis, malicious code performs the rooting and the emulator detection to bypass the analysis environment. To solve this problem, this paper investigates a variety of root detection schemes and builds an environment for bypassing the rooting detection in real devices. In addition, SDK code hooking module for Android malicious code analysis is designed using Xposed, and intent tracking for code flow, dynamic loading file information, and various API information extraction are implemented. This work will contribute to the analysis of obfuscated information and behavior of Android Malware.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1235-1242
• /
• 2019

While several machine learning technique has been implemented for Android malware categorization, there is still difficulty in analyzing due to overfitting problem and including of un-executable code, etc. In this paper, we introduce our implemented tool to address these problems. Tool is consists of approximately 1,500 lines of Java code, and perform Flow analysis on set of APIs, or on control flow graph. Our tool groups all the API by its relationship and only perform analysis on actually executing code. Using our tool, we grouped 39032 APIs into 4972 groups, and 12123 groups with result of including class names. We collected 7,000 APKs from 7 families and evaluated our feature reduction technique, and we also reduced features again with selecting APIs that have frequency more than 20%. We finally reduced features to 263-numbers of feature for our collected APKs.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.267-268
• /
• 2023

본 논문은 안드로이드에서 화면 캡쳐와 OCR을 통한 실시간 번역 애플리케이션 개발을 주제로 한다. 코틀린으로 개발된 애플리케이션은 사용자가 원하는 화면 영역을 캡쳐하여 해당 텍스트를 OCR로 추출하고, 구글 Cloud Vision API와 Cloud Translation API를 활용해 번역한다. 이를 통해 외국어 애플리케이션 사용의 편의성을 향상시키고, 정보의 이해와 공유를 도울 수 있음을 제시한다. 이 기술은 더욱 다양한 분야에서의 활용 가능성을 열어놓고 있다.