Recently, the popularity of smart phone has dramatically increased and that has lead to move of malware from general computers to mobile devices. By this trend, many researchers conducted studies to detect malicious applications (or application) in mobile device. Detection of android malwares is classified into two methods: (i) static analysis, which investigates the source code of malware to detect the malicious behaviors of malware and (ii) dynamic analysis, which monitors the run-time behaviors of malware to detect its un-allowed operations. Surveying
recent works, we have noticed that little of works had been done with dynamic method while we have found plentiful studies with static analysis.
This has motivated us to conduct the research which aims to detect Android malware with dynamic method. We have discovered that there are three observable parts for detecting malicious behavior in android application: (i) network, (ii) Android APIs, (iii) Android permissions. The detection system consists of three engines and each of them monitors its own observable part of the application, independently detects malicious behavior. Then, taken the information from three of engines, correlator determines a final decision ("malicious" or "benign"). The multiple engines are designed to complement each other.
Finally, we have evaluated with 795 malicious applications and 826 malicious applications (1/2 for train, 1/2 for test). We have proved that our proposed method detected malicious applications at very low rate of error and with very small time overhead. To show its high precision of malware detection, we have measured false positive rate and false negative rate and the rate were very low. By comparing precision rate from each engine and overall precision, we have proved that three engines properly compensate failure of detection each other.
스마트 기기의 보급 이후, 안드로이드에서 악성앱의 수가 기하급수적으로 증가하고 있고, 이에 따라 이를 감지하는 기법에 대해 많은 연구가 진행되어 왔다. 한편, 악성앱의 코드를 정적으로 분석하는 기법은 빠르고, 코드의 모든 영역을 살펴볼 수 있는 장점이 있어, 많은 연구가 진행되어 온 반면, 앱을 동적으로 수행하여 분석을 하는 방법은 실행에 있어 오버헤드(overhead)가 발생하고, 코드 수행률의 문제 등에 따라 비교적 많이 연구되고 있지 않다. 이에 따라, 본 논문에서는 코드를 동적으로 분석하되, 경량화되고, 높은 수준의 정확도를 갖춘 안드로이드 악성앱 분석 방법을 연구한다. 또한 감지 기법을 상용화된 안드로이드의 기기에 구현하고, 현존하는 악성앱을 통해 정확도를 검증한다. 또한 이를 통해 실시간 안드로이드 동적 감지 시스템에 대한 가능성을 확인한다.