• Title/Summary/Keyword: mobile malicious code analysis

Research on Mobile Malicious Code Prediction Modeling Techniques Using Markov Chain (마코프 체인을 이용한 모바일 악성코드 예측 모델링 기법 연구)

  • Kim, JongMin;Kim, MinSu;Kim, Kuinam J.
    • Convergence Security Journal / v.14 no.4 / pp.19-26 / 2014
  • Mobile malicious code is typically spread by worms, and although modeling techniques to analyze the dispersion characteristics of worms have been proposed, only macroscopic analysis has been possible, and there are limitations in predicting specific viruses and malicious code. In this paper, we propose a prediction method based on a Markov chain that can predict the occurrence of future malicious code by utilizing past malicious code data. The average value of malicious code applied to the Markov chain prediction model was classified into three categories: the total average, the last-year average, and the recent average (6 months). By comparing the predicted values obtained with each, it was verified that applying the recent average (6 months) could increase the possibility of predicting malicious code.

Proposal of a Learning Model for Mobile App Malicious Code Analysis (모바일 앱 악성코드 분석을 위한 학습모델 제안)

  • Bae, Se-jin;Choi, Young-ryul;Rhee, Jung-soo;Baik, Nam-kyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.455-457 / 2021
  • Apps are used on mobile devices such as smartphones and may also contain malicious code; they can be divided into normal and malicious depending on the presence or absence of hacking code. Because there are many kinds of malware, they are difficult to detect directly, so we propose a method to detect malicious apps using AI. Most existing methods detect malicious apps by extracting features from malicious apps. However, the number of types has increased exponentially, making it impossible to detect malicious code. Therefore, we propose two more methods besides detecting malicious apps by extracting features from existing malicious apps. The first method is to learn normal apps to extract the features of normal apps and find abnormalities (malicious apps), as opposed to the existing method of learning malicious apps. The second is an 'ensemble technique' that combines the existing method with the first proposal. These two methods need to be studied so that they can be used in future mobile environments.

Mepelyzer : Malicious App Identification Mechanism based on Method & Permission Similarity Analysis of Server-Side Polymorphic Mobile Apps (Mepelyzer : 서버 기반 다형상 모바일 앱에 대한 메소드 및 퍼미션 유사도 기반 악성앱 판별)

  • Lee, Han Seong;Lee, Hyung-Woo
    • Journal of the Korea Convergence Society / v.8 no.3 / pp.49-61 / 2017
  • Recently, convenience and usability have been increasing with the development and deployment of various mobile applications on the Android platform. However, important information stored in the smartphone is leaked to the outside without the user's knowledge, since malicious mobile applications are continuously increasing. A variety of mobile vaccines have been developed for the Android platform to detect malicious apps. Recently discovered server-based polymorphic (SSP) malicious mobile apps include obfuscation techniques. Therefore, it is not easy for existing mobile vaccines to detect them, because other forms of the malicious app are newly created using the SSP mechanism. In this paper, we analyze the correlation between the similarity of the methods in the DEX file constituting the core malicious code and the permission similarity measure, through the APK decompiling process for SSP malicious apps. According to the analysis results of DEX method similarity and permission similarity, we could extract the characteristics of SSP malicious apps and found differences that distinguish them from normal apps.

Threat Analysis of Mobile Environment (모바일 환경에서의 보안위협 분석)

  • Jeong Youn-Seo;Kim Ki-Young
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2006.05a / pp.749-753 / 2006
  • Since the appearance of the first computer virus in 1986, a significant number of new viruses have appeared every year. Recently, there has been a marked increase in the number of mobile malicious codes (virus, worm, trojan) on mobile devices (smart phone, PDA). As a growing number of people use mobile devices, we have to prepare for coming mobile attacks. In this paper, we study trends and characteristics of mobile malicious code. We also describe considerations for on-device and network security in the mobile environment.

A Study on Generic Unpacking to Prevent Zombie Client on Mobile Platform (좀비 클라이언트 차단을 위한 실행 압축 기술에 관한 연구)

  • Ko, Jong-Bin;Lee, Sang-Ha;Shon, Tae-Shik
    • Journal of Advanced Navigation Technology / v.17 no.5 / pp.545-551 / 2013
  • Packing techniques make it difficult to respond quickly, because the malicious code is reduced in size, which makes it easy to spread, and its code is changed, which makes analysis take longer. In this paper, we analysed packing tools and proposed construction and detection methods for packing techniques, based on the variation of entropy values, to make packed malicious code easier to analyze.

A High-Interaction Client Honeypot on Android Platform (안드로이드 플랫폼에서의 High-Interaction 클라이언트 허니팟 적용방안 연구)

  • Jung, Hyun-Mi;Son, Seung-Wan;Kim, Kwang-Seok;Lee, Gang-Soo
    • Journal of Digital Convergence / v.11 no.12 / pp.381-386 / 2013
  • As new variants of malicious code on the Android platform are drastically increasing, a preparation plan and response are needed. We propose a high-interaction client honeypot applied to the Android platform. We designed the flow of the system and analyzed its application plan and functions. Each detailed module was optimized for the Android platform. The system has the advantages of the high-interaction client honeypot of the PC environment. Because the management and storage servers are separated, it is more flexible and extensible.

A Study on the Security Improvement for Mobile Payment Systems by the Fault Fishbone Analysis (결함 어골도 분석에 의한 모바일 결제 시스템의 보안성 개선에 관한 연구)

  • Seo, Jin-Ho;Park, Man-Gon
    • Journal of Korea Multimedia Society / v.21 no.1 / pp.26-33 / 2018
  • As financial transactions using mobile devices have been activated, mobile payment services have appeared and many changes have been made to existing financial service methods. Due to the simplified payment method of mobile payment services, security threats such as personal information leakage, phishing damage, and malicious code are increasing. Research that can solve this is needed. In this paper, we discuss the features and security factors of mobile payment systems. In order to improve the security of mobile payment systems, we propose a fault analysis method based on frequency of occurrence using the Fault Fishbone Analysis (FFA) technique.

Distribution of Mobile Apps Considering Cross-Platform Development Frameworks in Android Environment (안드로이드 환경에서 크로스 플랫폼 개발 프레임워크에 따른 모바일 앱 분포)

  • Kim, Gyoosik;Jeon, Soyeon;Cho, Seong-je
    • Journal of Software Assessment and Valuation / v.15 no.1 / pp.11-24 / 2019
  • Using cross-platform development frameworks, mobile app developers can easily implement mobile apps for multiple platforms in one step. The frameworks also provide adversaries with the ability to write malicious code once and then run it anywhere on other platforms. In this paper, we analyze the ratio of benign and malicious apps written with cross-platform development frameworks among Android apps collected from AndroZoo's site. The analysis results show that the percentage of benign apps written in the frameworks continues to increase, accounting for 45% of all benign apps in 2018. The percentage of malicious apps written in the frameworks accounted for 25% of all malicious apps in 2015, but that percentage has declined since then. This study provides useful information for making a suitable choice when app developers face several challenges in cross-platform app development.

Correlation Analysis of Dataset Size and Accuracy of the CNN-based Malware Detection Algorithm (CNN Mobile Net 기반 악성코드 탐지 모델에서의 학습 데이터 크기와 검출 정확도의 상관관계 분석)

  • Choi, Dong Jun;Lee, Jae Woo
    • Convergence Security Journal / v.20 no.3 / pp.53-60 / 2020
  • At the present stage of the fourth industrial revolution, machine learning and artificial intelligence technologies are rapidly developing, and there is a movement to apply machine learning technology in the security field. Malicious code, including new and transformed variants, is generated at an average of 390,000 a day worldwide. Statistics show that security companies ignore or miss 31 percent of alarms. As so much malicious code is generated, it is becoming difficult for humans to detect all of it. As a result, research on the detection of malware and network intrusion events through machine learning is being actively conducted in academia and industry. In international conferences and journals, research on security data analysis using deep learning, a field of machine learning, is being presented. However, these papers focus on detection accuracy and modify several parameters to improve detection accuracy but do not consider the ratio of the dataset. Therefore, this paper aims to reduce the cost and resources of much machine learning research by finding the ratio of the dataset that can derive the highest detection accuracy in a CNN Mobile net-based malware detection model.

Android Application Call Relationship Analysis Based on DEX and ELF Binary Reverse Engineering (DEX와 ELF 바이너리 역공학 기반 안드로이드 어플리케이션 호출 관계 분석에 대한 연구)

  • Ahn, Jinung;Park, Jungsoo;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.45-55 / 2019
  • DEX files and shared objects (also known as SO files) are important components that define the behaviors of an Android application. A DEX file is implemented in Java code, whereas an SO file in the ELF file format is implemented in native code (C/C++). The two layers, Java and native, can communicate with each other at runtime. Malicious applications have become more and more prevalent in the mobile world, and they are equipped with different evasion techniques to avoid being detected by anti-malware products. To avoid static analysis, some applications may perform malicious behavior in native code that is difficult to analyze. Existing research fails to extract the call relationship that includes both Java code and native code, or cannot analyze multi-DEX applications. In this study, we design and implement a system that effectively extracts the call relationship between Java code and native code by analyzing the DEX file and SO file of an Android application.