Android Platformunda Kötücül Yazılım Tespiti: Literatür İncelemesi

Yıl 2020, Cilt: 13 Sayı: 1, 65 - 76, 31.01.2020

Gökçer Peynirci Mete Eminağaoğlu

https://doi.org/10.17671/gazibtd.524408

Öz

Kötücül yazılımların tespiti Windows, Mac, Linux gibi geniş kitlelerin kullandığı işletim sistemleri de dahil olmak üzere, platformdan bağımsız bir biçimde karşımıza çıkmaktadır. Android işletim sistemi, akıllı telefonlarda pazar payı liderliği ve açık kaynaklı yapısıyla kötücül yazılımların birincil hedefi haline gelmiştir. Bunun sonucu olarak da bilişim suçlularının günümüzde öncelikli hedefi olan bu platform, aynı zamanda yeni güvenlik yöntemleri ve teknikleri tasarlayıp yeterliliklerini ölçmek isteyen araştırmacılar için de en öncelikli ortamlardan birini oluşturmaktadır. Olabildiğince fazla sayıda ve güncel çalışmaların incelenmesinin amaçlandığı bu literatür taramasında, Android işletim sistemini hedef alan kötücül yazılımların, yapay öğrenme teknikleri ve yaklaşımları kullanılarak tespit edilmesi konuları kapsanmıştır. Bu alandaki bilimsel araştırmalar mevcut literatürden derlenerek ilgili çalışmalarda kullanılan veya kullanılması önerilen tasarım, yöntem ve uygulamalar özet bir biçimde anlatılmıştır.

Anahtar Kelimeler

Android, kötücül yazılım tespiti, yapay öğrenme, veri madenciliği, öznitelik seçimi

Malware Detection on Android Platform: A Literature Review

Öz

The problem of malware detection, irrespective of the platform of choice, affects nearly all operating systems, including the ones with large user bases such as Windows, Mac, and Linux. A significantly larger market share in the smartphone market compared to even its greatest rival and its open source architecture has made Android operating system the prime target for malware-related threats and cyber-attacks. Therefore, Android became the primary platform for designing and measuring the effectiveness of new approaches and methodologies for malware detection. This literature review focuses on the topic of detection of malware on Android platform by utilizing machine learning techniques and approaches. An extensive collection of the scientific studies on the given topic was collected and the design, the methodology and the real-world applications proposed or implemented by them are described in a short and concise manner.

Anahtar Kelimeler

Android, malware detection, machine learning, data mining, feature selection

Kaynakça

• A.D. Schmidt, H. G. Schmidt, J. Clausen, K.A. Yuksel, O. Kiraz, A. Camtepe, S. Albayrak, "Enhancing security of Linux-based Android devices", 15th International Linux Conference, Hamburg, Germany, 2008.
• A.D. Schmidt, R. Bye, H.-G Schmidt, J. Clausen, O. Kiraz, K. A. Yuksel, S. A. Camtepe, S. Albayrak, "Static Analysis of Executables for Collaborative Malware Detection on Android", (ICC’09) IEEE International Conference on Communications, Dresden, Germany, 631–635, June 14-18, 2009.
• W. Enck, M. Ongtang, P. D. McDaniel, "Understanding Android Security", IEEE Security & Privacy, 7(1), 50–57, 2009.
• A. P. Fuchs, A. Chaudhuri, J. S. Foster, SCanDroid: Automated Security Certification of Android Applications, Technical Report CS-TR-4991, Department of Computer Science, University of Maryland, College Park, November 2009.
• T. Bläsing, L. Batyuk, A.-D Schmidt, S. A. Camtepe, S. Albayrak, "An Android application sandbox system for suspicious software detection", 5th International Conference on Malicious and Unwanted Software, Nancy, Lorraine, France, 55–62, October 19-20, 2010.
• D. Wu, C. Mao, T. Wei, H. Lee, K. Wu, "DroidMat: Android Malware Detection through Manifest and API Calls Tracing", (Asia JCIS), Seventh Asia Joint Conference on Information Security, Tokyo, Japan, 62–69, August 9-10, 2012.
• Internet: Contagio Mobile, http://contagiominidump.blogspot.com, 28.01.2018.
• Y. Aafer, W. Du, H. Yin, "DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android", Secure Communications, Lect. Notes of the Inst. for CS, Social Informatics and Telecommunications Engineering, 127, 86–103, 2013.
• J. R. Quinlan, "Induction of Decision Tree", Machine Learning, 1, 81-106, 1986.
• J. R. Quinlan, C4.5: Programs for Machine Learning, Morgan Kaufmann, 1993.
• D. W. Aha, D. Aha, M. K. Albert, "Instance-Based learning algorithms", Machine Learning, 6, 37-66, 1991.
• C. Cortes, V. Vapnik, "Support-Vector Networks", Machine Learning, 20, 273-297, 1995.
• W. Enck, P. Gilbert, B. Chun, L. P. Cox, J. Jung, P. McDaniel, A. N. Sheth, "TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones", 9th USENIX Conference on Operating Systems Design and Implementation, Vancouver, BC, Canada, 1–6, October 4-6, 2010.
• H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, I. Molloy, "Using probabilistic generative models for ranking risks of android apps", (CCS 2012) ACM Conference on Computer and Communications Security, New York, USA, 241–252, October 16-18, 2012.
• P. Lantz, A. Desnos, K. Yang. "Droidbox: Android application sandbox", https://github.com/pjlantz/droidbox.
• E. Chin, A. Felt, K. Greenwood, D. Wagner, "Analyzing interapplication communication in Android", 9th International Conference on Mobile Systems, Applications, and Services, New York, USA, June 28-July 01, 2011.
• I. Burguera, U. Zurutuza, S. Nadjm-Tehrani, "Crowdroid: Behavior based malware detection system for Android", 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, New York, USA, 15–26, October 17-21, 2011.
• S. Y. Yerima, S. Sezer, G. McWilliams, I. Muttik, "A New Android Malware Detection Approach Using Bayesian Classification", (AINA 2013) 27th International Conference on Advanced Information Networking and Applications, Barcelona, Spain, 121–128, March 25-28, 2013.
• K. O. Elish, X. Shu, D. D. Yao, B. G. Ryder, X. Jiang, "Profiling user-trigger dependence for Android malware detection", Computers & Security, 49, 255–273, 2015.
• D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, K. Rieck, C. Siemens, "Drebin: Effective and explainable detection of Android malware in your pocket", (NDSS) 21st Annual Symposium on Network and Distributed System Security, San Diego, California, February 23-26, 2014.
• B. Sanz, I. Santos, J. Nieves, C. Laorden, I. Alonso-Gonzalez, P. G. Bringas, "MADS: Malicious Android Applications Detection through String Analysis", Network and System Security, 7873, Lecture Notes in Computer Science, Javier Lopez, Xinyi Huang, Ravi Sandhu (Eds.), 178–191, Springer Berlin Heidelberg, 2013.
• E. N. Çinicioğlu, M. Atalay, H. Yorulmaz, "Trafik Kazaları Analizi için Bayes Ağları Modeli", Bilişim Teknolojileri Dergisi, 6(2), 41-52, 2013.
• S. Wu, P. Wang, X. Li, Y. Zhang, "Effective detection of Android malware based on the usage of data flow APIs and machine learning", Information and Software Technology, 75, 17-25, 2016.
• F. Shahzad, M. Akbar, S. Khan, M. Farooq, Tstructdroid: Realtime malware detection using in-execution dynamic analysis of kernel process control blocks on Android, Technical Report, National University of Computer & Emerging Sciences, Islamabad, Pakistan, 2013.
• L. Yan, H. Yin, "DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis", 21st USENIX Security Symposium, Bellevue, WA, USA, 569-584, August 8-10, 2012.
• G. Dini, F. Martinelli, A. Saracino, D. Sgandurra, "Madam: A multi-level anomaly detector for Android malware”, (MMM-ACNS’12) 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia, 240–253, October 17-19, 2012.
• C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, W. Zou, "Smartdroid: an automatic system for revealing ui-based trigger conditions in Android applications”, 2nd ACM workshop on Security and privacy in smartphones and mobile devices, Raleigh, NC, USA, 93–104, October 16-18, 2012.
• S. Y. Yerima, S. Sezer, I. Muttik, "High accuracy Android malware detection using ensemble learning”, IET Information Security, 9(6), 313–320, 2015.
• X. Wang, D. Zhang, X. Su, W. Li, "Mlifdect: Android malware detection based on parallel machine learning and information fusion”, Security and Communication Networks, 1-14, 2017.
• Y. Zhou, X. Jiang, "Dissecting Android Malware: Characterization and Evolution”, 33rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 95–109, May 20-23, 2012.
• M. K. Alzaylaee, S. Y. Yerima, S. Sezer, "EMULATOR vs REAL PHONE: Android malware detection using machine learning”, 3rd ACM International Workshop on Security and Privacy Analytics, Scottsdale, Arizona, USA, March 22 - 24, 2017.
• Internet: SantokuLinux, https://santoku-linux.com, 07.11.2018.
• B. Amos, H. Turner, J. White, "Applying machine learning classifiers to dynamic Android malware detection at scale”, (IWCMC 2013) 9th International Wireless Communications and Mobile Computing Conference, Cagliari, Sardinia, Italy, July 1-5, 2013.
• W-C. Wu, S-H. Hung, "DroidDolphin: A dynamic Android malware detection framework using big data and machine learning”, International Conference on Research in Adaptive and Convergent Systems, Towson, MD, USA, October 05-08, 2014.
• S. Y. Yerima, S. Sezer, I. Muttik, "Android malware detection using parallel machine learning classifiers", 8th International Conference on Next Generation Mobile Apps, Services and Technologies, Oxford, UK, 37-42, September 10-12, 2014.
• N. Peiravian, X. Zhu, "Machine learning for Android malware detection using permission and API calls”, IEEE 25th International Conference on Tools with Artificial Intelligence, Herndon, VA, USA, November 4-6, 2013
• H. A. Alatwi, T. Oh, E. Fokoue, B. Stackpole, "Android malware detection using category-based machine learning classifiers”, 17th Annual Conference on Information Technology Education, Boston, MA, USA, September 28 - October 01, 2016.
• E. Mariconti, L. Onwuzurike, P. Andriotis, E. D. Cristofaro, G. Ross, G. Stringhini, "MaMaDroid: Detecting Android malware by building markov chains of behavioral models”, arXiv:1612.04433, https://arxiv.org/abs/1612.04433, 2017.
• L. Onwuzurike, M. Almeida, E. Mariconti, J. Blackburn, G. Stringhini, E. D. Cristofaro, "A family of droids: Analyzing behavioral model based Android malware detection via static and dynamic analysis”, arXiv:1803.03448, https://arxiv.org/abs/1803. 03448, 2018.
• M. Almeida, M. Bilal, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Varvello, J. Blackburn, "CHIMP: Crowdsourcing Human Inputs for Mobile Phones", (WWW 2018) World Wide Web Conference, Lyon, France, April 23 – 27, 2018.
• Internet: VirusShare, https://virusshare.com, 27.08.2018.
• L. Sayfullina, E. Eirola, D. Komashinsky, P. Palumbo, Y. Miche, A. Lendasse, J. Karhunen, "Efficient detection of zero-day Android malware using normalized Bernoulli Naive Bayes”, IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, August 20-22, 2015.
• R. Dhaya, M. Poongodi, "Detecting software vulnerabilities in Android using static analysis”, IEEE International Conference on Advanced Communications, Control and Computing Technologies, Ramanathapuram, India, May 8-10, 2014.
• M. Lindorfer, M. Neugschwandtner, C. Platzer, "MARVIN: Efficient and comprehensive mobile app classification through static and dynamic analysis”, IEEE 39th Annual Computer Software and Applications Conference, Taichung, Taiwan, July 1-5, 2015.
• A. Pektaş, M. Çavdar, T. Acarman, "Android malware classification by applying online machine learning”, (ISCIS 2016) International Symposium on Computer and Information Sciences, Kraków, Poland, 72-80, October 27–28, 2016.
• Internet: CuckooSandbox, https://cuckoosandbox.org, 05.07.2018.
• Y-W. Chen, C-J. Lin, "Combining SVMs with various feature selection strategies”, Feature Extraction, 207, Studies in Fuzziness and Soft Computing, I. Guyon, M. Nikravesh, S. Gunn, L. A. Zadeh (Eds.), 315-324. Berlin, Heidelberg, 2016.
• M. Damshenas, A. Dehghantanha, K-K. R. Choo, R. Mahmud, "M0Droid: An Android behavioral-based malware detection model”, Journal of Information Privacy and Security, 11(3), 141-157, 2015.
• Internet: OWASP Seraphimdroid, https://github.com/nikola milosevic86/owasp-seraphimdroid, 15.08.2018.
• G. Suarez-Tangil, J. E. Tapiador, P. Peris-Lopez, J. Blasco, "Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families”, Expert Systems with Applications, 41(4), 1104-1117, 2014.
• L. D. Coronado-De-Alba, A. Rodríguez-Mota, P. J. E. Ambrosio, "Feature selection and ensemble of classifiers for Android malware detection”, 8th IEEE Latin-American Conference on Communications (LATINCOM), Medellin, Colombia, November 15-17, 2016.
• G. Suarez-Tangil, G. Stringhini, "Eight years of rider measurement in the Android malware ecosystem: Evolution and lessons learned”, arXiv:1801.08115, https://arxiv.org/abs/1801.08115, 2018.
• K. Allix, T F. Bissyandé, J. Klein, Y. L. Traon, "AndroZoo: Collecting millions of Android apps for the research community”, IEEE/ACM 13th Working Conference on Mining Software Repositories, Austin, TX, USA, May 14-22, 2016.
• E. B. Karbab, M. Debbabi, A. Derhab, D. Mouheb, "MalDozer: Automatic framework for Android malware detection using deep learning”, Digital Investigation, 24, 48-59, 2018.
• M. A. Kızrak, B. Bolat, "Derin Öğrenme ile Kalabalık Analizi Üzerine Detaylı Bir Araştırma”, Bilişim Teknolojileri Dergisi, 11(3), 263-286, 2018.
• E. Dandil, K. K. Çevik, "Yapay Sinir Ağları İçin .NET Platformunda Görsel Bir Eğitim Yazılımının Geliştirilmesi”, Bilişim Teknolojileri Dergisi, 5(1), 19-28, 2012.
• N. Milosevic, A. Dehghantanha, K-K. R. Choo. "Machine learning aided Android malware classification”, Computers & Electrical Engineering, 61, 266-274, 2017.
• L. Li, D. Li, T F. Bissyande ve ark., "On locating malicious code in piggybacked Android apps”, Journal of Computer Science and Technology, 32(6), 1108–1124, 2017.
• T. Lei, Z. Qin, Z. Wang, Q. Li, D. Ye, "EveDroid: Event-Aware Android Malware Detection Against Model Degrading for IoT Devices”, IEEE Internet of Things Journal, 6(4), 6668 - 6680, 2019.