• Journal of Internet Computing and Services
• /
• v.14 no.6
• /
• pp.125-139
• /
• 2013

Distribution of malicious applications developed by attackers is increasing along with general normal applications due to the openness of the Android-based open market. Mechanism that allows more accurate ways to distinguish normal apps and malicious apps for common mobile devices should be developed in order to reduce the damage caused by the rampant malicious applications. This paper analysed the normal event pattern from the most highly used game apps in the Android open market to analyse the event pattern from normal apps and malicious apps of mobile devices that are based on the Android platform, and analysed the malicious event pattern from the malicious apps and the disguising malicious apps in the form of a game app among 1260 malware samples distributed by Android MalGenome Project. As described, experiment that extracts normal app and malicious app events was performed using Strace, the Linux-based system call extraction tool, targeting normal apps and malicious apps on Android-based mobile devices. Relevance analysis for each event set was performed on collected events that occurred when normal apps and malicious apps were running. This paper successfully extracted event similarity through this process of analyzing the event occurrence characteristics, pattern and distribution on each set of normal apps and malicious apps, and lastly suggested a mechanism that determines whether any given app is malicious.

• Journal of Korea Multimedia Society
• /
• v.23 no.5
• /
• pp.641-649
• /
• 2020

As the usage of mobile devices extremely increases, malicious mobile apps(applications) that target mobile users are also increasing. It is challenging to detect these malicious apps using traditional malware detection techniques due to intelligence of today's attack mechanisms. Deep learning (DL) is an alternative technique of traditional signature and rule-based anomaly detection techniques and thus have actively been used in numerous recent studies on malware detection. In order to develop DL-based defense mechanisms against intelligent malicious apps, feeding recent datasets into DL models is important. In this paper, we develop a DL-based model for detecting intelligent malicious apps using KU-CISC 2018-Android, the most up-to-date dataset consisting of benign and malicious Android apps. This dataset has hardly been addressed in other studies so far. We extract OPcode sequences from the Android apps and preprocess the OPcode sequences using an N-gram model. We then feed the preprocessed data into LSTM and apply the concept of Information Gain to improve performance of detecting malicious apps. Furthermore, we evaluate our model with numerous scenarios in order to verify the model's design and performance.

• Journal of the Korea Convergence Society
• /
• v.8 no.3
• /
• pp.49-61
• /
• 2017

Recently, convenience and usability are increasing with the development and deployment of various mobile applications on the Android platform. However, important information stored in the smartphone is leaked to the outside without knowing the user since the malicious mobile application is continuously increasing. A variety of mobile vaccines have been developed for the Android platform to detect malicious apps. Recently discovered server-based polymorphic(SSP) malicious mobile apps include obfuscation techniques. Therefore, it is not easy to detect existing mobile vaccines because some other form of malicious app is newly created by using SSP mechanism. In this paper, we analyze the correlation between the similarity of the method in the DEX file constituting the core malicious code and the permission similarity measure through APK de-compiling process for the SSP malicious app. According to the analysis results of DEX method similarity and permission similarity, we could extract the characteristics of SSP malicious apps and found the difference that can be distinguished from the normal app.

• Journal of the Korea Convergence Society
• /
• v.8 no.4
• /
• pp.25-36
• /
• 2017

As smartphone users have increased in recent years, various applications have been developed and used especially for Android-based mobile devices. However, malicious applications developed by attackers for malicious purposes are also distributed through 3rd party open markets, and damage such as leakage of personal information or financial information of users in mobile terminals is continuously increasing. Therefore, to prevent this, a method is needed to distinguish malicious apps from normal apps for Android-based mobile terminal users. In this paper, we analyze the existing researches that detect malicious apps by extracting the system call events that occur when the app is executed. Based on this, we propose a technique to identify malicious apps by analyzing the sequence similarity of kernel layer events occurring in the process of running an app on commercial Android mobile devices.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.217-221
• /
• 2021

Recent studies have indicated that mobile markets harbor applications (apps) that are either malicious or vulnerable, compromising millions of devices. Some studies indicate that 96% of companies' employees have used at least one malicious app. Some app stores do not employ security quality attributes regarding authorization, which is the function of specifying access rights to access control resources. However, well-defined access control policies can prevent mobile apps from being malicious. The problem is that those who oversee app market sites lack the mechanisms necessary to assess mobile app security. Because thousands of apps are constantly being added to or updated on mobile app market sites, these security testing mechanisms must be automated. This paper, therefore, introduces a new mechanism for testing mobile app security, using white-box testing in a way that is compatible with Bring Your Own Device (BYOD) working environments. This framework will benefit end-users, organizations that oversee app markets, and employers who implement the BYOD trend.

• Journal of Software Assessment and Valuation
• /
• v.15 no.1
• /
• pp.11-24
• /
• 2019

Using cross-platform development frameworks, mobile app developers can easily implement mobile apps for multiple platforms in one step. The frameworks also provides adversaries with the ability to write malicious code once, and then run it anywhere for other platforms. In this paper, we analyze the ratio of benign and malicious apps written by cross-platform development frameworks for Android apps collected from AndroZoo's site. The analysis results show that the percentage of benign apps written in the frameworks continues to increase, accounting for 45% of all benign apps in 2018. The percentage of malicious apps written in the frameworks accounted for 25% of all malicious apps in 2015, but that percentage has declined since then. This study provides useful information to make a suitable choice when app developers face several challenges in cross platform app development.

• Journal of information and communication convergence engineering
• /
• v.20 no.4
• /
• pp.280-287
• /
• 2022

Recently, the number of mobile ransomware types has increased. Moreover, the number of cases of damage caused by mobile ransomware is increasing. Representative damage cases include encrypting files on the victim's smart device or making them unusable, causing financial losses to the victim. This study classifies ransomware apps by analyzing several representative ransomware apps to identify trends in the malicious behavior of ransomware. We present a technique for recovering from the damage, from a digital forensic perspective, using reverse engineering ransomware apps to analyze vulnerabilities in malicious functions applied with various cryptographic technologies. Our study found that ransomware applications are largely divided into three types: locker, crypto, and hybrid. In addition, we presented a method for recovering the damage caused by each type of ransomware app using an actual case. This study is expected to help minimize the damage caused by ransomware apps and respond to new ransomware apps.

• Journal of Convergence for Information Technology
• /
• v.12 no.3
• /
• pp.17-24
• /
• 2022

Mobile malicious apps are increasing rapidly, and Android, which accounts for most of the global mobile OS market, is becoming a major target of mobile cyber security threats. Therefore, in order to cope with rapidly evolving malicious apps, there is a need for detection techniques of malicious apps using machine learning, one of artificial intelligence implementation technologies. In this paper, we propose a selected feature method using feature selection and feature extraction that can improve the detection performance of malicious apps. In the feature selection process, the detection performance improved according to the number of features, and the API showed relatively better detection performance than the permission. Also combining the two characteristics showed high precision of over 93% on average, confirming that the appropriate combination of characteristics could improve the detection performance.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.1-10
• /
• 2020

The mobile application based on the Android platform is simple to decompile, making it possible to create malicious applications similar to normal ones, and can easily distribute the created malicious apps through the Android third party app store. In this case, the Android malicious application in the smartphone causes several problems such as leakage of personal information in the device, transmission of premium SMS, and leakage of location information and call records. Therefore, it is necessary to select a optimal model that provides the best performance among the machine learning techniques that have published recently, and provide a technique to automatically identify malicious Android apps. Therefore, in this paper, after adopting the feature engineering to Android apps on official test set, a total of four performance evaluation experiments were conducted to select the machine learning model that provides the optimal performance for Android malicious app detection.

• Journal of Internet of Things and Convergence
• /
• v.6 no.4
• /
• pp.65-72
• /
• 2020

In this paper, we developed a web-based DApp system based on a private blockchain by applying machine learning techniques to automatically identify Android malicious apps that are continuously increasing rapidly. The optimal machine learning model that provides 96.2587% accuracy for Android malicious app identification was selected to the authorized experimental data, and automatic identification results for Android malicious apps were recorded/managed in the Hyperledger Fabric blockchain system. In addition, a web-based DApp system was developed so that users who have been granted the proper authority can use the blockchain system. Therefore, it is possible to further improve the security in the Android mobile app usage environment through the development of the machine learning-based Android malicious app identification block chain DApp system presented. In the future, it is expected to be able to develop enhanced security services that combine machine learning and blockchain for general-purpose data.