A Method Based on Nearest Neighbours and Hamming Distance for Identifying Malicious Applications

Article type: Research article

Author

Associate Professor, Faculty of Computer and Information Technology, Shahid Sattari Aviation University, Tehran, Iran

Abstract

Today, Android-based devices such as smartphones, tablets and, recently, virtual reality headsets are used more and more in our daily lives. Along with the development of software for these devices, new malicious applications are released by intruders that are harder to identify and counter because they use more sophisticated techniques. Although methods for computing security risk and identifying malicious applications have been proposed, as the breadth and depth of their threats grow, new methods in this area are still needed. In this paper we present a new algorithm for computing the security risk of Android applications, which can be used to distinguish malicious applications from useful ones. In this algorithm, to compute the security risk of an input application, its nearest neighbours among malicious applications and its nearest neighbours among harmless applications are determined separately using the Hamming distance. Then, based on a criterion presented in this paper, the security risk of the input application is computed. After implementing this algorithm and tuning the number-of-neighbours parameter with the help of real datasets, extensive and varied experiments were carried out to evaluate the proposed method. In these experiments, the proposed method was compared with three previously known methods in the field of malicious-application detection, using four different datasets. The results show a higher detection rate for the proposed method in most cases.

Keywords


Article title [English]

Presenting A Method Based on Nearest Neighbors and Hamming Distance in Order to Identify Malicious Applications

Author [English]

  • Mahmood Deypir
Associate Professor, Faculty of Computer and Information Technology, Shahid Sattari Aviation University, Tehran, Iran

Abstract [English]

Nowadays, Android-based devices such as smartphones, tablets, and, recently, virtual reality headsets have found increasing use in our daily lives. Along with the development of software for these devices, new malicious applications are released by intruders, which are more difficult to identify and deal with because they use more sophisticated methods. Although methods have been proposed to calculate the security risk and identify malicious apps, with the expansion of the level and depth of their threats, new methods in this field are still required. In this study, we present a new algorithm to calculate the security risk of Android apps, which can be used to distinguish malicious apps from benign ones. In this algorithm, to estimate the security risk of an input app, its nearest neighbors among malicious apps and its nearest neighbors among normal apps are determined separately using Hamming distance. Then, based on the criterion presented in this article, the security risk of the unknown input app is computed. After implementing this algorithm and tuning the number-of-neighbors parameter with the help of real data, extensive and varied experiments were conducted to evaluate the proposed method. In these experiments, the proposed method was compared with three previously known methods for detecting malicious apps, using four different datasets. The results show a higher detection rate for the proposed method in most cases.
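As an added illustration (not the paper's code: the risk criterion, datasets and tuning procedure are not given on this page), the following Python sketch carries the procedure in both abstracts through end to end: apps encoded as binary permission-style feature vectors, Hamming distance, separate k-nearest neighbourhoods among malicious and benign reference apps, a risk score derived from the two neighbourhoods, and leave-one-out tuning of k. The feature names and reference vectors are constructed sample data; the risk formula (mean benign-neighbour distance divided by the sum of both mean distances) and the leave-one-out tuning are assumptions standing in for the paper's own criterion.

```python
"""Nearest-neighbour risk scoring of Android apps with Hamming distance.

Apps are encoded as binary feature vectors over a fixed feature list
(1 = the app requests that permission). For a query app, the k nearest
malicious and the k nearest benign reference apps are found separately,
and a risk score in [0, 1] is derived from the two neighbourhoods.

ASSUMPTION: the risk criterion below (mean benign distance divided by the
sum of the two mean distances) is an illustrative choice, not the
criterion defined in the paper. The feature list and reference vectors
are constructed sample data.
"""
from typing import Iterable, List, Sequence, Tuple

Vector = Tuple[int, ...]

# Constructed feature list, modelled on Android permission names.
FEATURES: List[str] = [
    "INTERNET", "READ_SMS", "SEND_SMS", "READ_CONTACTS",
    "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED", "CAMERA",
    "WRITE_EXTERNAL_STORAGE",
]

# Constructed labelled reference sets (one row per app).
MALICIOUS: List[Vector] = [
    (1, 1, 1, 1, 0, 1, 0, 1),
    (1, 1, 1, 0, 1, 1, 0, 0),
    (1, 0, 1, 1, 0, 1, 0, 1),
    (1, 1, 0, 1, 1, 1, 0, 1),
]
BENIGN: List[Vector] = [
    (1, 0, 0, 0, 0, 0, 1, 1),
    (1, 0, 0, 0, 1, 0, 0, 1),
    (0, 0, 0, 0, 0, 0, 1, 1),
    (1, 0, 0, 1, 0, 0, 0, 0),
]


def to_vector(requested: Iterable[str]) -> Vector:
    """Encode a set of requested permission names as a binary vector."""
    wanted = set(requested)
    return tuple(1 if f in wanted else 0 for f in FEATURES)


def hamming(a: Sequence[int], b: Sequence[int]) -> int:
    """Number of positions in which two equal-length binary vectors differ."""
    if len(a) != len(b):
        raise ValueError("vectors must have the same length")
    return sum(x != y for x, y in zip(a, b))


def k_nearest(query: Sequence[int], pool: Sequence[Vector], k: int) -> List[int]:
    """Distances from query to its k nearest vectors in pool, ascending."""
    if not 1 <= k <= len(pool):
        raise ValueError("k must be between 1 and the size of the pool")
    return sorted(hamming(query, v) for v in pool)[:k]


def risk_score(query: Sequence[int], malicious: Sequence[Vector],
               benign: Sequence[Vector], k: int) -> float:
    """Risk in [0, 1]; being closer to malware than to benign apps pushes it towards 1.

    ASSUMPTION: illustrative criterion, not the paper's."""
    mean_mal = sum(k_nearest(query, malicious, k)) / k
    mean_ben = sum(k_nearest(query, benign, k)) / k
    if mean_mal + mean_ben == 0:
        return 0.5  # identical to both classes: no evidence either way
    return mean_ben / (mean_mal + mean_ben)


def classify(query: Sequence[int], malicious: Sequence[Vector],
             benign: Sequence[Vector], k: int, threshold: float = 0.5) -> bool:
    """True when the risk score reaches the decision threshold (flagged as malicious)."""
    return risk_score(query, malicious, benign, k) >= threshold


def tune_k(malicious: List[Vector], benign: List[Vector],
           candidate_ks: Iterable[int]) -> Tuple[int, float]:
    """Pick k by leave-one-out accuracy over the labelled reference sets.

    ASSUMPTION: one plausible way to tune the neighbour count; ties keep the
    smallest k because only a strictly better accuracy replaces the best."""
    best_k, best_acc = -1, -1.0
    for k in candidate_ks:
        correct = 0
        for i, v in enumerate(malicious):  # hold out one malicious app
            rest = malicious[:i] + malicious[i + 1:]
            correct += int(classify(v, rest, benign, k))
        for i, v in enumerate(benign):  # hold out one benign app
            rest = benign[:i] + benign[i + 1:]
            correct += int(not classify(v, malicious, rest, k))
        acc = correct / (len(malicious) + len(benign))
        if acc > best_acc:
            best_k, best_acc = k, acc
    return best_k, best_acc


if __name__ == "__main__":
    k, acc = tune_k(MALICIOUS, BENIGN, [1, 2, 3])
    app = to_vector({"INTERNET", "READ_SMS", "SEND_SMS",
                     "RECEIVE_BOOT_COMPLETED", "WRITE_EXTERNAL_STORAGE"})
    print(f"k={k} (LOO accuracy {acc:.2f}), risk={risk_score(app, MALICIOUS, BENIGN, k):.3f}")
```

The SMS-and-boot query above sits at mean distance 1.5 from its two nearest malicious references and 4 from its two nearest benign ones, so it scores 8/11, well above the 0.5 threshold. For feature vectors packed into integers, `hamming` reduces to the popcount of the XOR, which is how a production implementation would do it over millions of apps. Plain Hamming distance weights every feature equally, so a rarely requested dangerous permission counts no more than a ubiquitous one; a practitioner scoring real apps would want to check how the score behaves on that edge before trusting the threshold.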

Keywords [English]

  • Malware
  • Hamming distance
  • Nearest neighbor
  • Security risk

Volume 11, Issue 2 - Serial Number 42
Serial Number 42, Quarterly, Summer issue
Tir 1402
Pages 81-90
  • Received: 18 Shahrivar 1401
  • Revised: 23 Dey 1401
  • Accepted: 27 Ordibehesht 1402
  • Published: 01 Tir 1402