A reference framework for the analysis of malicious software for Android

Authors

  • Christian Urcuqui-López, Grupo de Investigación i2t, Universidad Icesi Cali, http://orcid.org/0000-0002-4627-1477
  • Andrés Navarro Cadavid, Grupo de Investigación i2t, Universidad Icesi Cali

DOI:

https://doi.org/10.18046/syt.v14i37.2241

Keywords:

Framework, machine learning, security, Google, malicious software

Abstract

Android is an open-source operating system with more than one billion active users across mobile devices, televisions and smart watches, among others. The amount of sensitive information handled by these technologies encourages cybercriminals to develop techniques and tools that let them acquire this information or disrupt the proper functioning of the device. Although there are solutions that provide a reasonable level of information security, with each passing day the attackers' experience grows at a faster rate than that of security work. Because of these problems, some have chosen to apply artificial intelligence techniques to Android security, such as using machine learning algorithms to classify benign and malicious applications. This article proposes a framework of static analysis and machine learning for classifying benign and malicious software for Android.

Author Biography

  • Christian Urcuqui-López, Grupo de Investigación i2t, Universidad Icesi Cali

    Systems Engineer (emphasis in Management and Computing) and Master in Computing Management and Telecommunications from Universidad Icesi (Cali-Colombia). Member of Informatics and Telecommunications research group [i2t]. His areas of interest include: artificial intelligence, machine learning and security applied to informatics.

  • Andrés Navarro Cadavid, Grupo de Investigación i2t, Universidad Icesi Cali

    Electronic Engineer and Magister in Technology Management of the Universidad Pontificia Bolivariana (Medellín, Colombia) and Doctor of Engineering in Telecommunications of the Universidad Politécnica de Valencia (Spain). Full time professor and leader of the Informatics and Telecommunications research group (i2T) attached to the Information and Communications Department at the Universidad Icesi (Cali-Colombia). Counselor at the National Program of Electronics, Telecommunications and Informatics [ETI]. His areas of interest include Spectrum Management, Cognitive Radio, and Telematics solutions for health.


Published

2016-08-05

Section

Discussion papers