• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.4
• /
• pp.2180-2197
• /
• 2019

With the proliferation of the Android malicious applications, malware becomes more capable of hiding or confusing its malicious intent through the use of code obfuscation, which has significantly weaken the effectiveness of the conventional defense mechanisms. Therefore, in order to effectively detect unknown malicious applications on the Android platform, we propose DroidVecDeep, an Android malware detection method using deep learning technique. First, we extract various features and rank them using Mean Decrease Impurity. Second, we transform the features into compact vectors based on word2vec. Finally, we train the classifier based on deep learning model. A comprehensive experimental study on a real sample collection was performed to compare various malware detection approaches. Experimental results demonstrate that the proposed method outperforms other Android malware detection techniques.

• Journal of the Korea Society for Simulation
• /
• v.28 no.4
• /
• pp.67-74
• /
• 2019

As the market for Internet of Things (IoT) service grows, the security issue of the data from IoT devices becomes more important. In this paper, we implemented a cryptographic library for confidentiality of sensor data from Android Things based IoT services. The library made use of the SEED algorithm for encryption/decryption of data and we verified the library by implementing a service environment. With the library, the data is securely encrypted and stored in the database and the service environment is able to represent the current sensing status with the decrypted sensor data. The contribution of this work is in verifying the usability of SEED based encryption library by implementation in IoT sensor based service environment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.6
• /
• pp.123-129
• /
• 2013

Android file system is vulnerable to the external access of system resources via its arbitrary access mode and need user's control for SD and UMS medias due to its open architecture. In response to the device control, there is a drawback that its controlability is valid only in the case of embedded linux kernel with VDC function. Hence the solution is to directly implement VDC through system call, with another security module for device storage than system module being added to android system. In this paper the new method of android storage access control for personal information is proposed via VDC for mount system of storage. The access method for SD and UMS were implemented using VDC and mount mechanism. This access control system has been designed to control the granted users in kernel level if files are flowed out by copying. As a result, it was proved through testing that the access control system has exactly detected the write access operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.205-214
• /
• 2019

Android uses app cache files to improve app execution performance. However, this optimization technique may raise security issues that need to be examined. In this paper, we present a practical design of "Android app cache manipulation attack" to intentionally modify the cache files of a target app, which can be misused for stealing personal information and performing malicious activities on target apps. Even though the Android framework uses a checksum-based integrity check to protect app cache files, we found that attackers can effectively bypass such checks via the modification of checksum of the target cache files. To demonstrate the feasibility of our attack design, we implemented an attack tool, and performed experiments with real-world Android apps. The experiment results show that 25 apps (86.2%) out of 29 are vulnerable to our attacks. To mitigate app cache manipulation attacks, we suggest two possible defense mechanisms: (1) checking the integrity of app cache files; and (2) applying anti-decompilation techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1361-1372
• /
• 2017

If an external attacker takes from a victim's smartphone a copy of a secret application or an application to which fingerprinting technique is applied, secret information can be leaked or the legitimate user can be misunderstood as an illegal redistributor, which results in a serious security problem. To solve this problem, this paper proposes an Android application code protection scheme using fingerprint authentication and dynamic loading. The proposed scheme divides one application into CLR(Class LoadeR) and SED(SEperated Dex). CLR is an APK file with the ability to dynamically load the SED, and the SED is a file containing the classes required to run the application. The SED is stored inside the smartphone after being encrypted, and the SED can be decrypted only if the user is successfully authenticated using his or her fingerprint. The proposed scheme can protect the application code from the attacker who physically acquired user's smartphone.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.151-156
• /
• 2011

Google Android, which is one of the popular smart phone platforms, employs a security model based on application permissions. This model intends to reduce security threats by protecting inappropriate accesses to system resources from applications, but this model has a few problems. First, permission requested by an application cannot be granted selectively. Second, once the permission has been granted it is maintained until the application is uninstalled. Third, applications may acquire powerful permissions through user ID sharing without any notice to users. In order to overcome these limitations, we designed and implemented a flexible application permission management scheme. The goal of our scheme is to enhance security and user convenience while keeping compatibility to original platform. We also verified the operation of our scheme with real applications on Android emulator.

• Journal of Korea Multimedia Society
• /
• v.20 no.5
• /
• pp.827-834
• /
• 2017

Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.27-35
• /
• 2018

This paper is a study to classify malicious applications in Android environment. And studying the threat and behavioral analysis of malicious Android applications. In addition, malicious apps classified by machine learning were performed as experiments. Android behavior analysis can use dynamic analysis tools. Through this tool, API Calls, Runtime Log, System Resource, and Network information for the application can be extracted. We redefined the properties extracted for machine learning and evaluated the results of machine learning classification by verifying between the overall features and the main features. The results show that key features have been improved by 1~4% over the full feature set. Especially, SVM classifier improved by 10%. From these results, we found that the application of the key features as a key feature was more effective in the performance of the classification algorithm than in the use of the overall features. It was also identified as important to select meaningful features from the data sets.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.6
• /
• pp.2188-2203
• /
• 2021

With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.21-29
• /
• 2015

As the number of malicious Android applications increases rapidly, many automatic analysis systems are proposed. Hoping to trigger as many malicious behaviors as possible, the automatic analysis systems are adopting random touch generation modules. In this paper, we propose how to differentiate real human touches and randomly generated touches. Through experiments, we figured out that the distance between two consecutive human touches is shorter than that of random generation module. Also we found that the touch speed of human is also limited. In addition, humans rarely touch the outer area of smartphone screen. By using statistics of human smartphone touch, we developed an algorithm to differentiate between human touches and randomly generated touches. We hope this research will help enhance automatic Android app analysis systems.