Research Article

Permission Comparison Based Malware Detection System for Android Mobile Applications

Year 2017, Volume: 20 Issue: 1, 175 - 189, 01.03.2017

Abstract

Mobile applications build their own security and privacy models on permission-based models. If an application needs to access sensitive data on the mobile device it is installed on, it has to define only the permissions required to make the system call for that access. However, some applications may request extra permissions that they do not need and may later use these permissions for suspicious database access. The aim of this study is to identify those extra requested permissions and to use them in the security and privacy model. With the proposed methodology, the risk values of applications are determined against pre-determined levels within datasets. The approach uses static analysis and code analysis together: the permissions that applications request and the permissions they use are determined separately, and the applications that request extra permissions are identified. Then, using the proposed formula, a suspicion value is determined for every application, and applications are classified as malicious or benign according to this value. The approach was applied to existing datasets; the results were compared and the accuracy level was determined. The aim is to detect malicious applications for the Android operating system with this newly developed method and to create a safer Android environment for users.


Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti


Abstract

Mobile applications build their own security and privacy models through their permission-based models. If applications want to access any sensitive data on the mobile devices on which they are installed, they should define only the permissions they need for this access. However, some applications request extra permissions beyond those they will need and may later use them for suspicious resource accesses. With the method defined in this study, the risk values of applications are determined using datasets, according to previously defined levels. Static analysis and code analysis methods are used together. In the approach used, the permissions that applications request and the permissions they use are determined, and the applications that request extra permissions are identified. Then, using the proposed formula, a suspicion value is determined for each application, and applications are classified as malicious or benign according to this value. The proposed approach was applied to existing datasets, the results were compared and the accuracy level was determined. For the Android operating system, this newly developed method aims to detect malicious software and to create a safer Android environment for users.


Details

Primary Language Turkish
Subjects Engineering
Section Research Article
Authors

Recep Sinan Arslan

İbrahim Alper Doğru

Necaattin Barışçı

Publication Date 1 March 2017
Submission Date 21 May 2016
Published in Issue Year 2017 Volume: 20 Issue: 1

Cite

APA Arslan, R. S., Doğru, İ. A., & Barışçı, N. (2017). Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi, 20(1), 175-189.
AMA Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. March 2017;20(1):175-189.
Chicago Arslan, Recep Sinan, İbrahim Alper Doğru, and Necaattin Barışçı. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi 20, no. 1 (March 2017): 175-89.
EndNote Arslan RS, Doğru İA, Barışçı N (01 March 2017) Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi 20 1 175–189.
IEEE R. S. Arslan, İ. A. Doğru, and N. Barışçı, “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”, Politeknik Dergisi, vol. 20, no. 1, pp. 175–189, 2017.
ISNAD Arslan, Recep Sinan et al. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi 20/1 (March 2017), 175-189.
JAMA Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. 2017;20:175–189.
MLA Arslan, Recep Sinan et al. “Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti”. Politeknik Dergisi, vol. 20, no. 1, 2017, pp. 175-89.
Vancouver Arslan RS, Doğru İA, Barışçı N. Android Mobil Uygulamalar için İzin Karşılaştırma Tabanlı Kötücül Yazılım Tespiti. Politeknik Dergisi. 2017;20(1):175-89.
 

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license.