• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.387-388
• /
• 2019

As malicious apps vary significantly across Android malware, it is challenging to prevent that the end-users download apps from unsecured app markets. In this paper, we propose an approach to classify the malicious methods based on permissions using Long Short Term Memory (LSTM) that is used to embed the semantics among Intent and permissions. Then the malicious method that is an unsecured method will be removed and re-uploaded to official market. This approach may induce that the end-users download apps from official market in order to reduce the risk of attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.643-653
• /
• 2018

Xamarin is a representative cross-platform development framework that allows developers to write mobile apps in C# for multiple mobile platforms, such as Android, iOS, or Windows Phone. Using Xamarin, mobile app developers can reuse existing C# code and share significant code across multiple platforms, reducing development time and maintenance costs. Meanwhile, malware authors can also use Xamarin to spread malicious apps on more platforms, minimizing the time and cost of malicious app creation. In order to cope with this problem, it is necessary to analyze and detect malware written with Xamarin. However, little studies have been conducted on static analysis methods of the apps written in Xamarin. In this paper, we examine the structure of Android apps written with Xamarin and propose a static analysis technique for the apps. We also demonstrate how to statically reverse-engineer apps that have been transformed using code obfuscation. Because the Android apps written with Xamarin consists of Java bytecode, C# based DLL libraries, and C/C++ based native libraries, we have studied static reverse engineering techniques for these different types of code.

• Journal of the Korea Convergence Society
• /
• v.8 no.4
• /
• pp.25-36
• /
• 2017

As smartphone users have increased in recent years, various applications have been developed and used especially for Android-based mobile devices. However, malicious applications developed by attackers for malicious purposes are also distributed through 3rd party open markets, and damage such as leakage of personal information or financial information of users in mobile terminals is continuously increasing. Therefore, to prevent this, a method is needed to distinguish malicious apps from normal apps for Android-based mobile terminal users. In this paper, we analyze the existing researches that detect malicious apps by extracting the system call events that occur when the app is executed. Based on this, we propose a technique to identify malicious apps by analyzing the sequence similarity of kernel layer events occurring in the process of running an app on commercial Android mobile devices.

• Journal of Korea Multimedia Society
• /
• v.17 no.5
• /
• pp.601-612
• /
• 2014

As the more people use smart phones, the interest in the apps gets the higher. Studies such as App Inventor, app generation methods using templates provide app development process with app development methods by substituting programming work. However, the realm of producible apps is limited and there are a lot of set up operations and input informations. Also, there is lack of support for smart phone sensors that are in a high demand of utilization. This paper proposed an android app development method for resolving existing problems, and implemented an accompanying app development tool. When the proposed app development method derived through combination of function modules and sensor modules is used, it's possible to produce apps with minimal user inputs, and to use sensors easily. Also, because it is simple to identify overall flow of app execution, and functions addible to the app are provided for users by units of module, it is possible to develop apps quickly.

• Journal of KIISE
• /
• v.43 no.2
• /
• pp.212-221
• /
• 2016

Android apps suffer from intent vulnerabilities in that they abnormally stop execution when Android components such as, activity, service, and broadcast receiver, take malformed intents. This paper proposes a method to prevent intent vulnerabilities by allowing programmers to write a specification on intents that a component expects to have, and by checking intents against the specification in runtime. By declaring intent specifications, we can solve the problem that one may miss writing conditional statements, which check the validity of intents, or one may mix those statements with another regular code, so making it difficult to maintain them. We perform an experiment by applying the proposed method to 7 Android apps, and confirm that many of abnormal termination of the apps because of malformed intents can be avoided by the intent specification based runtime assertion.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.4
• /
• pp.700-708
• /
• 2015

A software birthmark is the set of characteristics of a program which can be used to identify the program. Many researchers have studied on detecting theft of java programs using some birthmarks. In case of Android apps, code obfuscation techniques are used to protect the apps against reverse-engineering and tampering. However, attackers can also use the obfuscation techniques in order to conceal a stolen program. A birthmark (feature) of an app can be alterable by code obfuscations. Therefore, it is necessary to detect Android app theft based on the birthmark which is resilient to code obfuscation. In this paper, we propose an effective Android app birthmark and app theft detection through the proposed birthmark. By analyzing some obfuscation tools, we have first selected parameter and the return types of methods as an adequate birthmark. Then, we have measured similarity of target apps using the birthmarks extracted from the apps, where some target apps are not obfuscated and the others obfuscated. The measurement results show that our proposed birthmark is effective for detecting Android app theft even though the apps are obfuscated.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.202-209
• /
• 2023

Android malware is now on the rise, because of the rising interest in the Android operating system. Machine learning models may be used to classify unknown Android malware utilizing characteristics gathered from the dynamic and static analysis of an Android applications. Anti-virus software simply searches for the signs of the virus instance in a specific programme to detect it while scanning. Anti-virus software that competes with it keeps these in large databases and examines each file for all existing virus and malware signatures. The proposed model aims to provide a machine learning method that depend on the malware detection method for Android inability to detect malware apps and improve phone users' security and privacy. This system tracks numerous permission-based characteristics and events collected from Android apps and analyses them using a classifier model to determine whether the program is good ware or malware. This method used the machine learning techniques KNN-SVM, DBN, and GRU in which help to find the accuracy which gives the different values like KNN gives 87.20 percents accuracy, SVM gives 91.40 accuracy, Naive Bayes gives 85.10 and DBN-GRU Gives 97.90. Furthermore, in this paper, we simply employ standard machine learning techniques; but, in future work, we will attempt to improve those machine learning algorithms in order to develop a better detection algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1457-1465
• /
• 2017

With the growing of smart devices market, malicious behavior has gradually expanded its scope. Accordingly, many studies have been conducted to analyze malicious apps and automated analysis tools have been released. However these tools cause the side effects that the application protection tools such as ProGuard, DexGuard become vulnerable to analyzers or attackers. This paper suggests the protection mechanism to apply to the Android apps using security token, rather than general-purpose protection solutions that can be applied in malicious apps. The main features of this technique are that Android app is not properly loaded in the memory when the security token is abnormal or is not inserted and protected parts using the technique are not exposed.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.3
• /
• pp.15-25
• /
• 2017

As the value and importance of softwares are growing up, software theft and piracy become a much larger problem. To tackle this problem, it is highly required to provide an accurate method for detecting software theft and piracy. Especially, while software theft is relatively easy in the case of Android applications (apps), screening illegal apps has not been properly performed in Android markets. In this paper, we propose a method to effectively measure the similarity between Android apps for detecting software theft at the executable file level. Our proposed method extracts method reference frequency and manifest information through static analysis of executable Android apps as the main features for similarity measurement. Each app is represented as an n-dimensional vectors with the features, and then cosine similarity is utilized as the similarity measure. We demonstrate the effectiveness of our proposed method by evaluating its accuracy in comparison with typical source code-based similarity measurement methods. As a result of the experiments for the Android apps whose source file and executable file are available side by side, we found that our similarity degree measured at the executable file level is almost equivalent to the existing well-known similarity degree measured at the source file level.