A Study on Android Malware Detection using Selected Features

  • Myeong, Sangjoon (Graduate School of Information and Communication Technology, Ajou University)
  • Kim, Kangseok (Department of Cyber Security, Ajou University)
  • Received : 2022.01.10
  • Accepted : 2022.03.20
  • Published : 2022.03.28

Abstract

Mobile malicious apps are increasing rapidly, and Android, which accounts for most of the global mobile OS market, is becoming a major target of mobile cyber security threats. To cope with rapidly evolving malicious apps, detection techniques based on machine learning, one of the technologies for implementing artificial intelligence, are needed. In this paper, we propose a selected-feature method, using feature selection and feature extraction, that can improve the detection performance for malicious apps. In the feature selection process, detection performance improved according to the number of features, and API features showed relatively better detection performance than permission features. Combining the two feature types also showed high precision of over 93% on average, confirming that an appropriate combination of features can improve detection performance.

Acknowledgement

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT: Ministry of Science and ICT) (No. NRF-2019R1F1A1059036).
