Presenting A Method Based on Nearest Neighbors and Hamming Distance in Order to Identify Malicious Applications
Electronic and Cyber Defense
Volume 11, Issue 2 - Serial Number 42, Tir 1402, Pages 81-90
Article type: Research article
Author
Mahmood Deypir*
Associate Professor, Faculty of Computer and Information Technology, Shahid Sattari Aviation University, Tehran, Iran
Received: 18 Shahrivar 1401; Revised: 23 Dey 1401; Accepted: 27 Ordibehesht 1402
Abstract
Nowadays, Android-based devices such as smartphones, tablets, and recently virtual reality headsets have found increasing use in our daily lives. Along with the development of software for these devices, new malicious applications are released by intruders, and these are more difficult to identify and deal with because they use more sophisticated methods. Although methods have been proposed to calculate security risk and identify malicious apps, the expanding level and depth of these threats mean that new methods in this field are still needed. In this study, we present a new algorithm to calculate the security risk of Android apps, which can be used to distinguish malicious apps from benign ones. In this algorithm, to estimate the security risk of an input app, its nearest neighbors among malicious apps and its nearest neighbors among benign apps are determined separately using Hamming distance. Then, based on the criterion presented in this article, the security risk of the input app is computed. After implementing this algorithm and tuning the number-of-neighbors parameter with the help of real datasets, extensive and varied experiments were conducted to evaluate the proposed method. In these experiments, the proposed method was compared with three previously known methods for detecting malicious apps, using four different datasets. The results show a higher detection rate for the proposed method in most cases.
Keywords
Malware; Hamming distance; Nearest neighbor; Security risk
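The abstract's idea of finding nearest neighbors separately in each class can be sketched as follows. This is an added example, not the paper's code: the binary permission vectors, the sample data, and the scoring rule in `risk_score` are assumptions, since the page does not give the paper's features or criterion.

```python
from typing import List, Sequence

Vector = Sequence[int]  # assumed feature encoding: one bit per requested permission

# Constructed sample data. Bit order (assumed): INTERNET, READ_CONTACTS,
# SEND_SMS, RECEIVE_BOOT_COMPLETED, ACCESS_FINE_LOCATION, CAMERA
MALICIOUS: List[Vector] = [(1, 1, 1, 1, 0, 0), (1, 1, 1, 0, 1, 0), (1, 0, 1, 1, 1, 0)]
BENIGN: List[Vector] = [(1, 0, 0, 0, 0, 1), (1, 0, 0, 0, 1, 0), (0, 0, 0, 0, 0, 1)]


def hamming(a: Vector, b: Vector) -> int:
    """Number of positions at which two equal-length binary vectors differ."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have equal length")
    return sum(x != y for x, y in zip(a, b))


def k_nearest_distances(app: Vector, pool: List[Vector], k: int) -> List[int]:
    """Hamming distances from app to its k nearest neighbors inside one class."""
    if not pool:
        raise ValueError("reference set for a class is empty")
    if k < 1:
        raise ValueError("k must be at least 1")
    return sorted(hamming(app, other) for other in pool)[:k]


def risk_score(app: Vector, malicious: List[Vector],
               benign: List[Vector], k: int = 3) -> float:
    """Score in [0, 1]; higher means the app sits closer to malicious samples.

    Assumed rule (not the paper's criterion):
    mean benign distance / (mean benign distance + mean malicious distance).
    """
    d_mal = k_nearest_distances(app, malicious, k)
    d_ben = k_nearest_distances(app, benign, k)
    mean_mal = sum(d_mal) / len(d_mal)
    mean_ben = sum(d_ben) / len(d_ben)
    if mean_mal + mean_ben == 0:
        return 0.5  # identical to samples of both classes: no evidence either way
    return mean_ben / (mean_ben + mean_mal)


if __name__ == "__main__":
    for name, app in [("suspect", (1, 1, 1, 1, 1, 0)), ("harmless", (1, 0, 0, 0, 0, 0))]:
        print(name, risk_score(app, MALICIOUS, BENIGN, k=2))
```

Searching each class separately keeps a large benign reference set from crowding out the few malicious neighbors, which a single pooled k-NN vote would allow.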