Search: [ keyword: API call ] (3)

Analyzing the Effects of API Calls in Android Malware Detection Using Machine Learning

Seonghyun Park, Munyeong Kang, Jihyeon Park, Seong-je Cho, Sangchul Han

http://doi.org/10.5626/JOK.2021.48.3.257

This paper evaluates how preprocessing and representing API call information affects the accuracy of a system that detects malicious Android apps. We extract API calls that access or control sensitive data from target apps, and use the calls in machine learning algorithms to detect malicious apps. We then determine which representation of the API calls is most effective in classifying the apps as malicious or benign. Four ways of representing each API call are considered: class/method name with and without arguments/return type, and its presence (whether an API is called or not) and its frequency if called. The detection system performed slightly better when the arguments/return type and the frequency of each API call were considered together. Its feature size was most efficient when considering the class/method name and the presence of each API call.

False-alarm Detection in Model-based API-call Safety Checking of Priority-based Multitasking Programs

Dongwoo Kim, Yunja Choi

http://doi.org/10.5626/JOK.2019.46.10.1035

A multitask program consists of a set of tasks that are executed according to a scheduling policy of the operating system. In order to verify a multitask program, it is necessary to consider the behavior of the operating system. Otherwise, false alarms are reported, e.g., a low-priority task is executed prior to a higher-priority task. Studies introduced a model-based verification method using the formal OS model for the effective verification of multitask programs, but they showed high false-alarm rates due to the abstraction of the application program. This paper proposes an automated false-alarm detection method which identifies false alarms by checking the existence of a program path that performs the same sequence of API calls as the counterexample reported by the model-based verification. The suggested method is applied to two sets of application programs running on an automotive operating system. Results show that 73% of the reported counterexamples were false alarms with an average detection time of 0.199 seconds for the test program and 17.95 seconds for the window control program.

API-call Constraint Checking Considering Alarms and ISRs for IoT Device Control Software

Dongwoo Kim, Yunja Choi

http://doi.org/10.5626/JOK.2018.45.12.1269

The IoT operating system provides a set of API functions for applications along with a set of API-call constraints, and all applications are required to use the API in accordance with these constraints. Improper use of the API can break system integrity and cause system failure. The prior study introduced a method for API-call constraint checking by converting the operating system and application into formal models and identifying API-call constraint violation scenarios through model checking. However, Alarms that should be considered for actual time and interrupts that can occur arbitrarily were left out of the scope of the verification. This study introduces a method for verifying API-call constraints considering Alarms and ISRs. The actual time of an alarm is converted to the relative time of the formal model, and interrupts are defined to be generated anytime to activate an ISR in the verification model. Application of the verification method to 19 IoT applications led to the detection of a total of 34 API-call constraint violations, 15 of which were not detected due to lack of consideration of Alarms and/or ISRs.


Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal
