Phát hiện mã độc trên Android bằng phương pháp phân tích tập tin manifest
Abstract- Malicious code on phones is running on Android operating system and more. Therefore, the analysis of the application before installating on the device that is very necessary. In the analytical methods, static analysis is the method that gives the most accurate and economical results. The article presents the method of detecting malicious code on mobile phones using attributes obtained from the application's manifest file. This method can be used to detect malware samples that are not detected by signature-based analysis. Our four-step analysis method will be covered in detail in this article. After the analysis steps, it will be concluded whether the application included in the test is safe or not. This helps users avoid installing malicious applications on their devices.
|
Tài liệu tham khảo [1] Christian Lueg, “8,400 new Android malware samples every day”, G DATA Security Blog, 2017. [2] Eric Chin, “Motivations of Recent Android Malware”, Symantec Security Response, Tech. Rep, 2011. [3] Himanshu Shewale, Sameer Patil, Vaibhav Deshmukh and Pragya Singh, “Analysis of Android Vulnerabilities and Modern Exploitation Techniques”, in ICTACT Journal on Communication Technology, vol.5, no.1, 2014. [4] Kindsight, “The Mobile Malware Problem”, in A Kindsight White Paper, Ottawa, Canada, Tech.Report, 2012. [5] Muhammad Zuhair Qadir, Atif Nisar Jilani and Hassan Ullah Sheikh, “Automatic Feature Extraction, Categorization and Detection of Malicious Code in Android Application”, in Proceeding International Journal of Information and Network Security, vol.3, no.1, pp.12-17, 2014. [6] Stefan Brahler, “Analysis of the Android Architecture”, Karlsruhe Institute of Technology, Tech. Rep, 2010. [7] Justin Sahs and Latifur Khan, “A Machine Learning Approach to Android Malware Detection”, in Intelligence and Security Informatics Conference, Odense, European, 2012. [8] Luoshi Zhang, Yan Niu, Xiao Wu, Zhaoguo Wang and Yibo Xue, “A3: Automatic Analysis of Android Malware”, in International Workshop on Cloud Computing and Information Security, 2013. [9] Alessandro Armando, Alessio Merlo and Luca Verderama, “Security Issues in the Android cross-layer architecture”, 2012. [10] Kevin Allix, Tegawende Bissyande, Quentin Jerome, Jacques Klein and Radu State, “Large-Scale Machine Learning-based Malware Detection: Confronting the “10-Fold Cross Validation” Scheme with Reality”, in Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, 2014. [11] Zami Aung and Win Zaw, “Permission-Based Android Malware Detection”, in International Journal of Scientific & Technology Research, vol.2, no.3, 2013. [12] Yousra Aafer, Wenliang Du and Heng Yin, “DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android”, in Security and Privacy in Communication Networks, pp. 86-103, 2013. [13] Detecting Android Malware by Analyzing Manifest Files: Ryo Sato1, Daiki Chiba and Shigeki Goto. [14] Nguyễn Minh Đức, “Phân tích mã độc trên Android và dự đoán xu hướng năm 2015”, SecurityDaily, 2015. [15] Troy Vennon, GTC Research Engineer, “A Study of Known and PotentialMalware Threats”, 2010. [16] Isohara T.; Kawabata H.; Yakemori K.; Kubota A.; Kani J.; Agematsu H.; Nishigaki A. Detection Technique of Android Malware with Second Application. Proceedings of Computer Security Symposium. [17] Enck W.; Ongtang M.; McDaniel P. On Lightweight Mobile Phone Application Certification. [18] Wu D.; Mao C.; Wei T.; Lee H.; Wu K. DroidMat: Android Malware Detection throug Manifest and API Calls Tracing. Seventh Asia Joint Conference on Information Security. [19] https://play.google.com/store [20] https://virusshare.com [21] http://www.cs.waikato.ac.nz/ml/weka/ |
Lê Bá Cường, Trịnh Doãn Mạnh
