A String Analysis based System for Classifying Android Apps Accessing Harmful Sites

A System That Inspects Android Apps Accessing Harmful Sites by String Analysis

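  • 최광훈 (Yonsei University, Division of Computer and Telecommunications Engineering) ;
  • 고광만 (지대학교, Division of Computer and Information Engineering) ;
  • 박희완 (Halla University, Division of Information, Communication and Broadcasting Engineering) ;
  • 윤종희 (Gangneung-Wonju National University, Department of Computer Engineering)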
  • Received : 2012.04.09
  • Accepted : 2012.07.16
  • Published : 2012.08.31

Abstract

This paper proposes a string-analysis-based system for classifying Android apps that may access so-called harmful sites, and presents experimental results for real Android apps on the market. The system first transforms an Android app's binary code into Java bytecode, then performs string analysis to compute the set of strings at all program points, and classifies the app as bad if the computed set contains URLs of sites that are classified as harmful because they provide inappropriate content. In the proposed approach, the system performs this classification at the distribution stage, before the app is installed and executed. The system is therefore suitable for the automatic management of Android apps in the market. It can also be combined with existing methods that use DNS servers or monitoring modules, so that harmful Android apps are identified at different stages.

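We propose a system that analyzes the binary code of Android-based smartphone apps offline to determine whether they connect to servers included in a list of harmful sites, and we present experimental results from applying it to real apps. The method decompiles the given app's binary code into Java bytecode, applies string analysis to compute the set of all strings used by the program, and then checks whether that set contains URLs of sites that provide harmful media content. The system has the advantage that it can inspect apps at the distribution stage without executing them, and that it can automate the task of classifying apps that access harmful sites as part of app market management. Because it blocks harmful apps at a different stage from existing methods, which use DNS servers or install a monitoring module on the smartphone, the two approaches can complement each other.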


Cited by

  1. A Study for Blocking Harmful Contents through a Local Proxy on Android vol.12, pp.2, 2013, https://doi.org/10.9716/KITS.2013.12.2.103