(A) collaborative approach on effective and efficient android malware detection = 안드로이드 악성코드의 동적 분석 탐지 방법 연구

Recently, the popularity of smart phone has dramatically increased and that has lead to move of malware from general computers to mobile devices. By this trend, many researchers conducted studies to detect malicious applications (or application) in mobile device. Detection of android malwares is classified into two methods: (i) static analysis, which investigates the source code of malware to detect the malicious behaviors of malware and (ii) dynamic analysis, which monitors the run-time behaviors of malware to detect its un-allowed operations. Surveying recent works, we have noticed that little of works had been done with dynamic method while we have found plentiful studies with static analysis. This has motivated us to conduct the research which aims to detect Android malware with dynamic method. We have discovered that there are three observable parts for detecting malicious behavior in android application: (i) network, (ii) Android APIs, (iii) Android permissions. The detection system consists of three engines and each of them monitors its own observable part of the application, independently detects malicious behavior. Then, taken the information from three of engines, correlator determines a final decision ("malicious" or "benign"). The multiple engines are designed to complement each other. Finally, we have evaluated with 795 malicious applications and 826 malicious applications (1/2 for train, 1/2 for test). We have proved that our proposed method detected malicious applications at very low rate of error and with very small time overhead. To show its high precision of malware detection, we have measured false positive rate and false negative rate and the rate were very low. By comparing precision rate from each engine and overall precision, we have proved that three engines properly compensate failure of detection each other.
Advisors
Shin, Seungwonresearcher신승원researcher
Publisher
한국과학기술원
Issue Date
2016
Identifier
325007
Language
eng
Description

학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2016.2 ,[iv, 30 p. :]

Keywords

Android; Malware; Machine Learning; Dynamic Analysis; Malware Analysis; 안드로이드; 악성코드; 기계학습; 동적분석; 악성행위 분석

URI
http://hdl.handle.net/10203/221949
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=649703&flag=t
Appears in Collection
IS-Theses_Master(석사논문)
Files in This Item
There are no files associated with this item.
  • Hit : 197
  • Download : 0
  • Cited 0 times in thomson ci

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0