Android malware
In journals of the Electrical Engineering group
Android has emerged in recent years as the most popular operating system for smartphones and mobile devices. However, owing to the open-source nature of this operating system, a great deal of malware is hidden among the software in Android markets, putting its security at serious risk. Finding ways to detect this malware is therefore an essential step in preventing mobile phone infection. To this end, this research proposes the use of a computational offloading method within a cloud computing architecture for malware detection; this method allows malware to be detected in reasonable time, with high accuracy, and with fewer resources on the device. In the proposed method, the features of Android applications are extracted on the mobile phone at installation time and at run time, and the extracted features are sent to the cloud server for analysis, where a machine learning algorithm distinguishes Android malware from clean applications. In this research, the proposed approach was trained and tested using the Drebin dataset. The results show that the proposed approach achieved 96.44% accuracy in malware detection.
Keywords: Android malware, machine learning, cloud computing
Today, the mobile phone is one of the smart devices that have become a necessity in everyday life and are used for various tasks such as shopping, banking, and communicating with friends and family. In recent years, the Android operating system has gained more popularity than any other mobile phone operating system, and the number of applications for it is growing at a remarkable pace. Unfortunately, this has not escaped the attention of profit-seekers, and the production of malware for this operating system has grown in parallel with its development. Third-party Android app stores that have emerged in recent years have become a very strong source of malware distribution, as these stores have weak to non-existent measures to prevent malicious apps from being uploaded and distributed to users' devices. One of the challenges facing developers in this field is therefore to find solutions that establish security on these devices while providing powerful security analysis capabilities and consuming few resources on the device itself. Software products such as Lookout, Norton, and Comodo Mobile Security mainly use signature-based methods to detect malware threats. However, malware authors use techniques such as repackaging and obfuscation to circumvent signatures and defeat attempts to analyze their internal mechanisms. The ever-increasing sophistication of Android malware requires new defense techniques that protect users against new threats without using up a mobile device's processing and storage resources. Therefore, in the current research, a computational offloading method in a cloud architecture is presented to identify Android malware.
The solution proposed by this research first extracts the features of Android applications during installation and execution on the mobile phone, then sends these extracted features to the cloud servers. On the cloud server side, these features are analyzed and, using machine learning algorithms, malware is distinguished from clean programs. The proposed approach is trained and tested using the Drebin dataset. The results show that the proposed approach achieves 96.44% accuracy for malware detection.
Keywords: Android Malware, Machine Learning, Cloud Computing
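The offloading split described in the abstract above, as an added example that is not the paper's own code: the phone extracts Drebin-style manifest features and sends only those to the cloud as a small JSON message, and a cloud-side Bernoulli naive-Bayes classifier (a stand-in for the machine learning algorithm the abstract does not name) returns the verdict. The manifests, training rows, package names and function names are constructed for illustration, the extractor assumes a manifest already decoded from binary AXML to text (e.g. with apktool), and the example is not trained on the Drebin dataset itself.

```python
"""Client/server split for Drebin-style Android malware detection.

Phone side: pull string features out of a decoded AndroidManifest.xml
(requested permissions and intent-filter actions, two of the Drebin
feature families) and ship only those to the cloud as a JSON message.
Cloud side: a Bernoulli naive-Bayes classifier trained on labelled feature
sets decides malware vs. clean. The manifests and training rows below are
constructed for illustration; they are not taken from the Drebin dataset.
"""
import json
import math
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# ---------------- phone side: extraction only, no classification ----------------

def extract_manifest_features(manifest_xml: str) -> set[str]:
    """Drebin-style string features from a decoded (text) manifest.
    Assumes the binary AXML was already decoded, e.g. with apktool."""
    root = ET.fromstring(manifest_xml)
    feats = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            feats.add("permission::" + name)
    for el in root.iter("action"):  # actions inside <intent-filter>
        name = el.get(ANDROID_NS + "name")
        if name:
            feats.add("intent::" + name)
    return feats

def build_offload_message(package: str, features: set[str]) -> str:
    """Everything the phone sends: package name plus sorted feature strings."""
    return json.dumps({"package": package, "features": sorted(features)})

# ---------------- cloud side: training and classification ----------------

class BernoulliNB:
    """Bernoulli naive Bayes over binary string features, Laplace smoothed."""

    def fit(self, samples):
        self.n = {0: 0, 1: 0}
        self.count = {0: {}, 1: {}}
        self.vocab = set()
        for feats, label in samples:
            self.n[label] += 1
            self.vocab |= feats
            for f in feats:
                self.count[label][f] = self.count[label].get(f, 0) + 1
        return self

    def log_posterior(self, feats, label):
        lp = math.log(self.n[label] / sum(self.n.values()))
        for f in self.vocab:  # an absent feature is evidence too
            p = (self.count[label].get(f, 0) + 1) / (self.n[label] + 2)
            lp += math.log(p if f in feats else 1.0 - p)
        return lp

    def predict(self, feats) -> int:
        return int(self.log_posterior(feats, 1) > self.log_posterior(feats, 0))

def classify_offloaded(model: BernoulliNB, message: str) -> str:
    """Server entry point: parse the phone's message and return a verdict."""
    payload = json.loads(message)
    return "malware" if model.predict(set(payload["features"])) else "benign"

# ---------------- constructed data (not from Drebin) ----------------

P, I = "permission::android.permission.", "intent::android.intent.action."
SMS_RECEIVED = "intent::android.provider.Telephony.SMS_RECEIVED"
TRAINING = [  # (feature set, label): 1 = malware, 0 = clean
    ({P + "SEND_SMS", P + "READ_SMS", P + "INTERNET", P + "RECEIVE_BOOT_COMPLETED", I + "BOOT_COMPLETED"}, 1),
    ({P + "SEND_SMS", P + "INTERNET", P + "READ_PHONE_STATE", SMS_RECEIVED}, 1),
    ({P + "SEND_SMS", P + "READ_SMS", P + "INTERNET", SMS_RECEIVED, I + "BOOT_COMPLETED"}, 1),
    ({P + "INTERNET", P + "ACCESS_NETWORK_STATE"}, 0),
    ({P + "INTERNET", P + "CAMERA", I + "MAIN"}, 0),
    ({P + "ACCESS_FINE_LOCATION", P + "INTERNET", I + "MAIN"}, 0),
]

SMS_TROJAN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.smsbot">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application><receiver android:name=".Boot"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""

WEATHER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application><activity android:name=".Main"><intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LAUNCHER"/>
  </intent-filter></activity></application>
</manifest>"""

def run_pipeline() -> dict:
    """Train once in the cloud, then run both phones' messages through it."""
    model = BernoulliNB().fit(TRAINING)
    verdicts = {}
    for pkg, manifest in (("com.example.smsbot", SMS_TROJAN_MANIFEST),
                          ("com.example.weather", WEATHER_MANIFEST)):
        message = build_offload_message(pkg, extract_manifest_features(manifest))  # leaves the phone
        verdicts[pkg] = classify_offloaded(model, message)  # computed in the cloud
    return verdicts

if __name__ == "__main__":
    print(run_pipeline())
```

The point of the split is visible in what crosses the network: a list of feature strings rather than the APK, so the phone does parsing only and the model, its training data and any updates stay on the server. Run-time features (API calls, network endpoints) would be appended to the same message by an on-device hook; they are omitted here.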
Dynamic analysis is a prominent approach to analyzing the behavior of Android apps. To perform dynamic analysis, an event generator is needed to drive the app while it executes in an emulator. Monkey is the most popular event generator for Android apps in general and is also used in dynamic analysis of Android malware. Monkey provides high code coverage and high speed in generating events. In the case of malware analysis, however, Monkey suffers from several limitations. It only generates UI events, not system events, and because its UI events are random, it may drop the connectivity of the test environment during the analysis process. Moreover, it provides no defense against malware evasion techniques. In this paper, we try to enhance Monkey by reducing these limitations while preserving its advantages. The proposed approach has been implemented as an extended version of Monkey, named Curious-Monkey. Curious-Monkey provides facilities for handling system events, handling evasion techniques, and keeping the test environment's connectivity up during the analysis process. We conducted many experiments to evaluate the effectiveness of the proposed tool against two important criteria in dynamic malware analysis: the ability to trigger malicious payloads, and code coverage. In the evaluation, we used the Evadroid benchmark and the AMD malware dataset, and we compared Curious-Monkey with the Monkey and Ares tools. The results show that Curious-Monkey triggers more malicious payloads and achieves better code coverage.
Keywords: Curious-Monkey, Monkey, Android, Event Generator, Android Malware, Dynamic analysis
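An added sketch, not Curious-Monkey's own code, of two of the three gaps the abstract lists (system events and connectivity; evasion handling is out of scope here), built on stock adb, Monkey, am, svc and settings command lines. `SimulatedAdb` is a constructed offline stand-in for the emulator so the harness runs without a device; `real_adb` drives an actual one. It assumes an emulator or rooted test device where `adb shell` is permitted to send these broadcasts, and the package name is hypothetical.

```python
"""Driving Monkey with system events and a connectivity watchdog.

Independent sketch of three things a plain `adb shell monkey` run lacks:
(1) interleave Monkey's random UI bursts with system broadcasts that
malware commonly waits for, (2) re-enable connectivity when a random tap
turned airplane mode or Wi-Fi off, (3) keep a log of what was sent.
Assumes an emulator or rooted device on which `adb shell` may send these
broadcasts; the command lines are standard adb/am/svc/settings usage.
"""
import subprocess

def real_adb(*args: str) -> str:
    """Run one adb command against the connected emulator; return stdout."""
    proc = subprocess.run(["adb", *args], capture_output=True, text=True, check=False)
    return proc.stdout.strip()

def system_events(package: str) -> list[list[str]]:
    """Broadcasts that can trigger payloads Monkey's UI-only events never reach."""
    return [
        ["am", "broadcast", "-a", "android.intent.action.BOOT_COMPLETED", "-p", package],
        ["am", "broadcast", "-a", "android.intent.action.BATTERY_LOW", "-p", package],
        ["am", "broadcast", "-a", "android.net.conn.CONNECTIVITY_CHANGE", "-p", package],
        ["am", "broadcast", "-a", "android.intent.action.USER_PRESENT", "-p", package],
    ]

def restore_connectivity(adb) -> list[str]:
    """Undo connectivity damage done by random UI events; return what was fixed."""
    fixed = []
    if adb("shell", "settings", "get", "global", "airplane_mode_on") == "1":
        adb("shell", "settings", "put", "global", "airplane_mode_on", "0")
        adb("shell", "am", "broadcast", "-a", "android.intent.action.AIRPLANE_MODE",
            "--ez", "state", "false")
        fixed.append("airplane_mode")
    if adb("shell", "settings", "get", "global", "wifi_on") == "0":
        adb("shell", "svc", "wifi", "enable")
        fixed.append("wifi")
    return fixed

def run_session(package: str, adb, rounds: int = 3, ui_events: int = 200, seed: int = 1) -> list[str]:
    """One analysis session: UI burst, system events, connectivity check, repeat."""
    log = []
    for r in range(rounds):
        # Fixed seed per round so a crash can be replayed with the same events.
        adb("shell", "monkey", "-p", package, "-s", str(seed + r), "--throttle", "200", str(ui_events))
        log.append(f"round {r}: {ui_events} UI events, seed {seed + r}")
        events = system_events(package)
        for ev in events:
            adb("shell", *ev)
        log.append(f"round {r}: {len(events)} system broadcasts")
        fixed = restore_connectivity(adb)
        if fixed:
            log.append(f"round {r}: restored {', '.join(fixed)}")
    return log

class SimulatedAdb:
    """Offline stand-in for adb (constructed): records commands and models the
    device state; the Monkey burst in round `flip_round` knocks connectivity out."""

    def __init__(self, flip_round: int = 0):
        self.commands = []
        self.state = {"airplane_mode_on": "0", "wifi_on": "1"}
        self.flip_round = flip_round
        self.bursts = 0

    def __call__(self, *args: str) -> str:
        self.commands.append(" ".join(args))
        if args[:2] == ("shell", "monkey"):
            if self.bursts == self.flip_round:  # a random tap hit the toggle
                self.state["airplane_mode_on"] = "1"
                self.state["wifi_on"] = "0"
            self.bursts += 1
        elif args[:4] == ("shell", "settings", "get", "global"):
            return self.state[args[4]]
        elif args[:4] == ("shell", "settings", "put", "global"):
            self.state[args[4]] = args[5]
        elif args[:4] == ("shell", "svc", "wifi", "enable"):
            self.state["wifi_on"] = "1"
        return ""

if __name__ == "__main__":
    sim = SimulatedAdb(flip_round=1)
    for line in run_session("com.example.app", sim, rounds=3):
        print(line)
    # Pass real_adb instead of sim to drive an actual emulator.
```

The watchdog runs after every burst rather than once at the end because a payload that phones home during round 2 is lost if round 1 switched the radio off; checking `settings get global` is cheap compared to the burst itself.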