안드로이드 모바일 정상 및 악성 앱 시스템 콜 이벤트 패턴 분석을 통한 유사도 추출 기법

Abstract

Distribution of malicious applications developed by attackers is increasing along with general normal applications due to the openness of the Android-based open market. Mechanism that allows more accurate ways to distinguish normal apps and malicious apps for common mobile devices should be developed in order to reduce the damage caused by the rampant malicious applications. This paper analysed the normal event pattern from the most highly used game apps in the Android open market to analyse the event pattern from normal apps and malicious apps of mobile devices that are based on the Android platform, and analysed the malicious event pattern from the malicious apps and the disguising malicious apps in the form of a game app among 1260 malware samples distributed by Android MalGenome Project. As described, experiment that extracts normal app and malicious app events was performed using Strace, the Linux-based system call extraction tool, targeting normal apps and malicious apps on Android-based mobile devices. Relevance analysis for each event set was performed on collected events that occurred when normal apps and malicious apps were running. This paper successfully extracted event similarity through this process of analyzing the event occurrence characteristics, pattern and distribution on each set of normal apps and malicious apps, and lastly suggested a mechanism that determines whether any given app is malicious. ☞ keyword : Android, Normal and Malicious Application, System call events, Pattern Analysis, Similarity Analysis 1 School of Computer Engineering, Hanshin University, Gyeonggi, 447-791, Rep. of Korea. * Corresponding author (hwlee@hs.ac.kr) [Received 14 October 2013, Reviewed 22 October 2013, Accepted 12 November 2013] ☆ 본 연구는 2013년도 한국연구재단의 지원을 받아 수행된 기 초연구사업임 (No. 2012R1A1A2004573) ISSN 1598-0170 (Print) ISSN 2287-1136 (Online) http://www.jksii.or.kr http://dx.doi.org/10.7472/jksii.2013.14.6.125 안드로이드 모바일 정상 및 악성 앱 시스템 콜 이벤트 패턴 분석을 통한 유사도 추출 기법