Since the number of mobile malware has been tremendously increased for the last decade, discovering mobile malware has become an important issue. Numerous efforts have been devoted to mitigate mobile malware threats, but they experienced difficulties ...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
https://www.riss.kr/link?id=T14435057
- 저자
-
발행사항
Seoul : Korea University, 2017
-
학위논문사항
Thesis(M.A.) -- Graduate School, Korea University , Department of Computer and Radio Communications Engineering , 2016
-
발행연도
2016
-
작성언어
영어
- 주제어
-
KDC
004 판사항(6)
-
DDC
004 판사항(23)
-
발행국(도시)
서울
-
형태사항
vi, 43 leaves : illustrations ; 26 cm
-
일반주기명
Adviser: 이희조
Bibliography: leaves 38-41 - DOI식별코드
-
소장기관
- 고려대학교 과학도서관
- 고려대학교 도서관
- 고려대학교 세종학술정보원
- 국립중앙도서관
- 고려대학교 과학도서관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
Since the number of mobile malware has been tremendously increased for the last decade, discovering mobile malware has become an important issue. Numerous efforts have been devoted to mitigate mobile malware threats, but they experienced difficulties because of repackaging and metamorphic techniques. Malware authors are used to generate tremendous variants of malware by applying repackaging that hides attack modules into well-known legitimate applications. Furthermore, in order to evade the existing anti-malware solutions, they leverage the metamorphic techniques such as API substitution and junk code insertion, which allows the manipulation of malware appearance while maintaining same functionality. Consequently, current malware countermeasures are suffering from the scalability problem for responding to the dramatic increase of malware variants. In this paper, we propose a novel method, called DroidGraph, which is scalable and robust against the mobile malware threats. The DroidGraph operation focuses on the semantic behavior of malware. DroidGraph extracts behavior graphs from the application and abstracts behavior graphs to semantic graphs, which are represented with 128 identical nodes based on the semantics of the Android API calls. We select semantic graphs containing representative malicious behaviors of Android malware and employ them as semantic signatures to discover the malware variants. For evaluation, we collected 10,937 legitimate Android applications from the Google Play Store and 5,170 real-world Android malware from malware portal sites such as Contagio. DroidGraph reduced the number of signatures down to 1/8 by comparing with one of the latest research. DroidGraph showed a detection rate of 92.38% with 1.39% of false positives in ten-fold verification.
Since the number of mobile malware has been tremendously increased for the last decade, discovering mobile malware has become an important issue. Numerous efforts have been devoted to mitigate mobile malware threats, but they experienced difficulties because of repackaging and metamorphic techniques. Malware authors are used to generate tremendous variants of malware by applying repackaging that hides attack modules into well-known legitimate applications. Furthermore, in order to evade the existing anti-malware solutions, they leverage the metamorphic techniques such as API substitution and junk code insertion, which allows the manipulation of malware appearance while maintaining same functionality. Consequently, current malware countermeasures are suffering from the scalability problem for responding to the dramatic increase of malware variants. In this paper, we propose a novel method, called DroidGraph, which is scalable and robust against the mobile malware threats. The DroidGraph operation focuses on the semantic behavior of malware. DroidGraph extracts behavior graphs from the application and abstracts behavior graphs to semantic graphs, which are represented with 128 identical nodes based on the semantics of the Android API calls. We select semantic graphs containing representative malicious behaviors of Android malware and employ them as semantic signatures to discover the malware variants. For evaluation, we collected 10,937 legitimate Android applications from the Google Play Store and 5,170 real-world Android malware from malware portal sites such as Contagio. DroidGraph reduced the number of signatures down to 1/8 by comparing with one of the latest research. DroidGraph showed a detection rate of 92.38% with 1.39% of false positives in ten-fold verification.
목차 (Table of Contents)
- Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
- Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
- List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
- List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
- 1 Introduction 1
- Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
- Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
- List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
- List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
- 1 Introduction 1
- 2 Related Work 6
- 3 Backgrounds 9
- 3.1 Application Repackaging . . . . . . . . . . . . . . . . . . . . . . 9
- 3.2 Code Metamorphism . . . . . . . . . . . . . . . . . . . . . . . . 10
- 4 Problem Denition 11
- 4.1 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . 11
- 4.2 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
- 4.3 Goal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
- 5 DroidGraph 13
- 5.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
- 5.2 API Call Graph Construction . . . . . . . . . . . . . . . . . . . 15
- 5.3 Semantic Abstraction . . . . . . . . . . . . . . . . . . . . . . . 17
- 5.4 Malicious Graph Mining . . . . . . . . . . . . . . . . . . . . . . 19
- 5.5 Signature Matching . . . . . . . . . . . . . . . . . . . . . . . . . 20
- 6 Evaluation 22
- 6.1 Data Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
- 6.2 Signature Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 23
- 6.2.1 Semantic signatures . . . . . . . . . . . . . . . . . . . . 24
- 6.2.2 Signature selection strategy . . . . . . . . . . . . . . . . 25
- 6.2.3 Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . 26
- 6.3 Detection Performance . . . . . . . . . . . . . . . . . . . . . . . 28
- 6.3.1 Detection accuracy . . . . . . . . . . . . . . . . . . . . . 28
- 6.3.2 Metamorphic malware detection . . . . . . . . . . . . . 29
- 6.4 Comparison with a Previous Research . . . . . . . . . . . . . . 31
- 7 Discussion 32
- 7.1 Relationship between Legitimate and Malware Signatures . . . 33
- 7.2 Limitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
- 7.2.1 Native code and dynamic code change . . . . . . . . . . 34
- 7.2.2 Method level analysis . . . . . . . . . . . . . . . . . . . 35
- 7.2.3 Suspicious behavior by legitimate application . . . . . . 35
- 8 Conclusion 37
- References 38
- Summary (in Korean) 42
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
