Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ ³í¹®Áö
| ÇѱÛÁ¦¸ñ(Korean Title) |
¾Èµå·ÎÀ̵å Ç÷§Æû¿¡¼ ¾Ç¼º ÇàÀ§ ºÐ¼®À» ÅëÇÑ Æ¯Â¡ ÃßÃâ°ú ¸Ó½Å·¯´× ±â¹Ý ¾Ç¼º ¾îÇø®ÄÉÀÌ¼Ç ºÐ·ù |
| ¿µ¹®Á¦¸ñ(English Title) |
Malware Application Classification based on Feature Extraction and Machine Learning for Malicious Behavior Analysis in Android Platform |
| ÀúÀÚ(Author) |
±èµ¿¿í
³ª°æ±â
ÇÑ¸í¹¬
±è¹ÌÁÖ
°í ¿õ
¹ÚÁØÇü
Dong-Wook Kim
Kyung-Gi Na
Myung-Mook Han
Mijoo Kim
Woong Go
Jun Hyung Park
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 19 NO. 01 PP. 0027 ~ 0035 (2018. 02) |
Çѱ۳»¿ë
(Korean Abstract) |
º» ³í¹®Àº ¾Èµå·ÎÀ̵å Ç÷§Æû¿¡¼ ¾Ç¼º ¾îÇø®ÄÉÀ̼ÇÀ» ŽÁöÇϱâ À§ÇÑ ¿¬±¸·Î, ¾Èµå·ÎÀÌµå ¾Ç¼º ¾îÇø®ÄÉÀ̼ǿ¡ ´ëÇÑ À§Çù°ú ÇàÀ§ ºÐ¼®¿¡ ´ëÇÑ ¿¬±¸¸¦ ¹ÙÅÁÀ¸·Î ¸Ó½Å·¯´×À» Àû¿ëÇÑ ¾Ç¼º ¾îÇø®ÄÉÀÌ¼Ç Å½Áö¸¦ ¼öÇàÇÏ¿´´Ù. ¾Èµå·ÎÀ̵åÀÇ ÇàÀ§ ºÐ¼®Àº µ¿Àû ºÐ¼® µµ±¸¸¦ ÅëÇØ ¼öÇàÇÒ ¼ö ÀÖÀ¸¸ç, À̸¦ ÅëÇØ ¾îÇø®ÄÉÀ̼ǿ¡ ´ëÇÑ API Calls, Runtime Log, System Resource, Network µîÀÇ Á¤º¸¸¦ ÃßÃâÇÒ ¼ö ÀÖ´Ù. ÀÌ ¿¬±¸¿¡¼´Â ÇàÀ§ ºÐ¼®À» ÅëÇÑ Æ¯Â¡ ÃßÃâÀ» ¸Ó½Å·¯´×¿¡ Àû¿ëÇϱâ À§ÇØ Æ¯Â¡¿¡ ´ëÇÑ ¼Ó¼ºÀ» º¯È¯ÇÏ°í, Àüü Ư¡¿¡ ´ëÇÑ ¸Ó½Å·¯´× Àû¿ë°ú Ư¡µéÀÇ ¿¬°üºÐ¼®À» ÅëÇÑ ÁÖ¼ººÐºÐ¼®À¸·Î Ư¡°£ÀÇ »ó°üºÐ¼®À¸·Î ¾òÀº ¸Ó½Å·¯´× Àû¿ëÀ» ¼öÇàÇÏ¿´´Ù, ÀÌ¿¡ ´ëÇÑ °á°ú·Î ¾Ç¼º ¾îÇø®ÄÉÀ̼ǿ¡ ´ëÇÑ ¸Ó½Å·¯´× ºÐ·ù °á°ú´Â Àüü Ư¡À» »ç¿ëÇÑ ºÐ·ù °á°úº¸´Ù ÁÖ¿ä Ư¡À» ÅëÇÑ Á¤È®µµ °á°ú°¡ ¾à 1~4%Á¤µµ Çâ»óµÇ¾úÀ¸¸ç, SVM ºÐ·ù±âÀÇ °æ¿ì 10%ÀÌ»óÀÇ ÁÁÀº °á°ú¸¦ ¾òÀ» ¼ö ÀÖ¾ú´Ù. ÀÌ °á°ú¸¦ ÅëÇؼ ¿ì¸®´Â ÀüüÀûÀΠƯ¡À» ÀÌ¿ëÇÏ´Â °Íº¸´Ù, ÁÖ¿ä Ư¡¸¸À» ÅëÇØ ¾òÀ» °á°ú°¡ ÀüüÀûÀÎ ºÐ·ù ¾Ë°í¸®Áò¿¡ ´õ ÁÁÀº °á°ú¸¦ ¾òÀ» ¼ö ÀÖ°í, µ¥ÀÌÅÍ ¼¼Æ®¿¡¼ ÀǹÌÀִ Ư¡À» ¼±Á¤ÇÏ´Â °ÍÀÌ Áß¿äÇÏ´Ù°í ÆľÇÇÏ¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
This paper is a study to classify malicious applications in Android environment. And studying the threat and behavioral analysis of malicious Android applications. In addition, malicious apps classified by machine learning were performed as experiments. Android behavior analysis can use dynamic analysis tools. Through this tool, API Calls, Runtime Log, System Resource, and Network information for the application can be extracted. We redefined the properties extracted for machine learning and evaluated the results of machine learning classification by verifying between the overall features and the main features. The results show that key features have been improved by 1~4% over the full feature set. Especially, SVM classifier improved by 10%. From these results, we found that the application of the key features as a key feature was more effective in the performance of the classification algorithm than in the use of the overall features. It was also identified as important to select meaningful features from the data sets.
|
| Å°¿öµå(Keyword) |
¾Èµå·ÎÀ̵å
ÇàÀ§ ºÐ¼®
Ư¡ ÃßÃâ
»ó°ü ºÐ¼®
¾Ç¼º ¾îÇø®ÄÉÀÌ¼Ç ºÐ·ù
Android
Behivavr Analysis
Feature Extraction
Correlation Analysis
Malware Application Classification
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
