Á¤º¸°úÇÐȸ³í¹®Áö (Journal of KIISE)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
¸Ó½Å·¯´×À» ÀÌ¿ëÇÑ ¾Èµå·ÎÀÌµå ¸Ö¿þ¾î ŽÁö¿¡¼ API È£ÃâÀÇ È¿°ú ºÐ¼® |
| ¿µ¹®Á¦¸ñ(English Title) |
Analyzing the Effects of API Calls in Android Malware Detection Using Machine Learning |
| ÀúÀÚ(Author) |
¹Ú¼ºÇö
°¹®¿µ
¹ÚÁöÇö
Á¶¼ºÁ¦
ÇÑ»óö
Seonghyun Park
Munyeong Kang
Jihyeon Park
Seong-je Cho
Sangchul Han
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 48 NO. 03 PP. 0257 ~ 0263 (2021. 03) |
Çѱ۳»¿ë
(Korean Abstract) |
º» ³í¹®Àº API È£Ãâ Á¤º¸ÀÇ Ç¥Çö ¹æ½Ä°ú Àüó¸® ¹æ½ÄÀÌ ¾Èµå·ÎÀÌµå ¾Ç¼º ¾Û ŽÁö ½Ã½ºÅÛÀÇ Á¤È®µµ¿¡ ¹ÌÄ¡´Â ¿µÇâÀ» Æò°¡ÇÑ´Ù. ¹Î°¨ÇÑ µ¥ÀÌÅ͸¦ Á¢±Ù ¶Ç´Â Á¦¾îÇÏ´Â API È£Ãâ Á¤º¸¸¦ ¾Û¿¡¼ ÃßÃâÇÏ¿© ¸Ó½Å·¯´×ÀÇ Æ¯Â¡Á¤º¸·Î »ç¿ëÇÒ ¶§, ÃßÃâÇÑ API Á¤º¸¸¦ ¾î¶² ¹æ½ÄÀ¸·Î È°¿ëÇÏ´Â °ÍÀÌ ÁÁÀº°¡¸¦ ºÐ¼®ÇÑ´Ù. º» ³í¹®¿¡¼´Â, API È£Ãâ À̸§¸¸À» °í·Á, API È£Ãâ ºóµµ °í·Á, API È£Ãâ ÀÎÀÚ ¹× ¸®ÅÏŸÀÔ Æ÷ÇÔ µîÀÇ ¹æ½ÄÀ¸·Î API È£Ãâ Á¤º¸¸¦ Ç¥ÇöÇÏ°í Àüó¸®ÇÏ¿© ¸Ó½Å·¯´× ¾Ë°í¸®ÁòÀ» Àû¿ëÇÑ´Ù. ½ÇÇè °á°ú, Ư¡Á¤º¸¿¡ API È£Ãâ ÀÎÀÚ ¹× ¸®ÅÏŸÀÔÀ» Æ÷ÇÔÇÏ°í È£Ã⠺󵵸¦ Ç¥ÇöÇÑ °æ¿ì¿¡ ¹Ì¼¼ÇÏ°Ô ³ôÀº Á¤È®µµ¸¦ º¸¿´À¸¸ç, Ư¡Á¤º¸ Å©±â Ãø¸é¿¡¼´Â È£Ãâ APIÀÇ Å¬·¡½º À̸§°ú ¸Þ¼Òµå À̸§, Á¸Àç ¿©ºÎ¸¸À» Ç¥ÇöÇÑ °æ¿ì°¡ °¡Àå È¿À²ÀûÀ̾ú´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
This paper evaluates the effect of preprocessing and representing API call information on the accuracy of the system to detect malicious Android apps. We extract API calls that access or control sensitive data from target apps, and use the calls in machine learning algorithms to detect malicious apps. We then determine which expression of the API calls is most effective in classifying the apps as malicious or benign. Four ways of representing each API call are considered: class/method name with and without arguments/return type, and its presence (whether an API is called or not) and its frequency if called. The detection system has performed slightly better when the arguments/return type and the frequency of each API call were considered together. Its feature size was most efficient when considering the class/method name and the presence of each API call.
|
| Å°¿öµå(Keyword) |
¾Ç¼º ¾Û ŽÁö
API È£Ãâ
ÀÎÀÚ
¸®ÅÏŸÀÔ
È£Ãâ ºóµµ
API Á¸Àç
malicious app detection
API call
argument
return type
call frequency
presence of API
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
