A Scheme for Identifying Malicious Applications Based on API Characteristics
 Title & Authors
Cho, Taejoo; Kim, Hyunki; Lee, Junghwan; Jung, Moongyu; Yi, Jeong Hyun
 Abstract
Android applications are inherently vulnerable to repackaging attacks, in which an attacker easily inserts malicious code into an application and then re-signs it. These days, leaks of private or personal information occur often. In principle, every Android application is composed of user-defined methods and APIs. Besides providing access to platform resources, APIs act as the practical functional features of an application, while user-defined methods provide their features by using APIs. In this paper we propose a scheme that analyzes the sensitive APIs most often used in malicious applications, in terms of how malicious applications operate and which APIs they use. Based on the characteristics of the target APIs, we accumulate knowledge about such APIs using a machine learning scheme based on the Naive Bayes algorithm. From the learned results, we are able to provide a fine-grained numeric score for the degree of vulnerability of mobile applications. In doing so, we expect the proposed scheme to help mobile application developers identify the security level of applications in advance.
 Keywords
Android Malware; Android Repackaging Attack; API Classification; Naive Bayes Classification
 Language
Korean