정적 분석을 통한 안드로이드 기반 스마트폰의 악성코드 탐지 기법

Abstract

As Google's Android shows the fastest growing mobile smartphone operating system in the world, also some vulnerability issues in Android browser which could allow an attacker to remotely steal the user's local data or to make spoof applications that could silently download a mobile malware application in the background have been increasing today. Due to the increase, many Android applications which may contain mobile malware recently started to show up on the Android Market(Google's app store for Android).

Most mobile antivirus applications are for Windows Mobile and Symbian devices so far

However with the increase of threats also for Android, many mobile antivirus companies are trying to treat this OS in their product. Nevertheless a lot of security issues in mobile circumstance arise continuously. The important thing is that both neither Google nor Microsoft handle and approve, in fact, apps the same way for example Apple does.

The motivation for this thesis was to extract and detect an Android malware efficiently and more quickly. The static analysis is used to achieve this. Further, the signature detection technique with a few heuristic techniques shows the brilliant results. In particular, the proposed solution extracts a header of malware and a operation data with so called static analysis. Then, 'SHA-1 signature' and 'API Call Combination signature' are extracted - each function separately identifies a specific application and detects the specific factors that affect to the operation system directly. Finally the proposed solution senses a mobile malware application quickly and correctly with these signatures and heuristic techniques which are able to detect a new and mutant efficiently, whereas other previous antivirus applications show good performance but there are some fatal flaws to detect them. Futhermore the static analysis permits a prompt detection before an execution.