The Detection of Android Malicious Apps Using Categories and Permissions

  • Park, Jong-Chan (Information Security, Busan University of Foreign Studies)
  • Baik, Namkyun (Information Security, Busan University of Foreign Studies)
  • Received : 2022.04.25
  • Accepted : 2022.05.24
  • Published : 2022.06.30

Abstract

Approximately 70% of smartphone users worldwide use smartphones based on the Android operating system, and malicious apps targeting the Android platform are steadily increasing. To respond to the growing volume of Android malware, Google provides "Google Play Protect", which prevents malicious apps from being installed on smartphones, but many malicious apps still disguise themselves as normal apps, are registered in the Google Play Store, and threaten the smartphones of ordinary users. Because checking an app for malicious behavior requires considerable expertise, most users rely on antivirus programs to detect malicious apps. In this paper, we therefore propose a method that uses only an app's category and permissions, both of which are easy to check, to classify the unnecessary malicious permissions an app requests and to easily detect malicious apps from the classified permissions. The proposed method is compared with a "commercial malicious app detection program" in terms of false-negative (missed detection) rate and false-positive rate, and its performance level is presented.

Acknowledgement

This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ICAN (ICT Challenge and Advanced Network of HRD) Program (IITP-2022-2020-0-01825) supervised by the IITP (Institute of Information and Communications Technology Planning and Evaluation).
