BibTex RIS Kaynak Göster

MOBİL KÖTÜCÜL YAZILIMLAR VE GÜVENLİK ÇÖZÜMLERİ ÜZERİNE BİR İNCELEME

Yıl 2016, Cilt: 4 Sayı: 2, 49 - 64, 10.06.2016

Öz

Günümüzde mobil cihazlar her zaman ve her yerde farklı çeşitlerdeki servislere erişme imkânı sağlayarak hayatımızın önemli bir parçası haline gelmişlerdir. Son zamanlarda GSM, GPRS, Bluetooth ve Wi-Fi gibi mobil cihazlar tarafından kullanılan bağlantıların sayısının artmasıyla birlikte mobil cihazların zaman ve mekân kısıtlamaları ortadan kalkmıştır. Bu sebeple mobil iletişim kanallarını ve hizmetlerini istismar eden güvenlik açıklarının sayısında ve çeşitliliğinde artış yaşanmaktadır. Bu çalışma kapsamında mobil cihazlar için güvenlik çözümleri üzerine araştırmalar yapılarak kapsamlı bir bakış açısı sunma hedeflenmiştir. Mobil uygulamalardaki güvenlik açıkları, tehditler ve güvenlik çözümleri üzerine odaklanılmıştır. Kötücül yazılım tespit yöntemleri, mimariler, toplanan veriler ve işletim sistemlerine dayalı olarak mobil cihazları korumaya yönelik yaklaşımlar incelenmiştir.

Kaynakça

  • La Polla, M., Martinelli, F. ve Sgandurra, D., “A survey on security for mobile devices”, IEEE Communications Surveys & Tutorials, Cilt 15, No 1, 446–471, 2013.
  • Chen, P. S., Lin, S. ve Sun, C., “Simple and effective method for detecting abnormal internet behaviors of mobile devices”, Information Sciences, Cilt 321, No C. 193-204, 2015.
  • Feizollah, A., Anuar, N. B., Salleh, R. ve Abdul Wahab, A. W., “A review on feature selection in mobile malware detection”, Digital Investigation, Cilt 13, 22-37, 2015.
  • Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B. ve Elovici, Y., “Mobile malware detection through analysis of deviations in application network behavior”, Computers & Security, Cilt 43, 1-18, 2014.
  • Dini, G., Martinelli, F., Saracino, A. ve Sgandurra, D., “MADAM: A Multi-Level Anomaly Detector for Android Malware”, Computer Network Security, 240-253, 2012.
  • Damopoulos, D., Menesidou, S. A., Kambourakis, G., Papadaki, M., Clarke, N. ve Gritzalis, S., “Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers”, Security and Communication Networks, Cilt 5, No 1, 3-14, 2011.
  • Rastogi, V., Chen, Y. ve Enck, W., “AppsPlayground: Automatic Security Analysis of Smartphone Applications”, CODASPY’13, 2013 .
  • Khune, R. S, ve Thangakumar, J., “A cloud-based intrusion detection system for Android smartphones”, Radar, Communication and Computing (ICRCC), 180-184, 2012.
  • Seo, S., Gupta, A., Sallam, A. M., Bertino, E. ve Yim, K., “Detecting mobile malware threats to homeland security through static analysis”, Journal of Network and Computer Applications, Cilt 38, 43-53, 2014.
  • Arankumar, S., Srivatsa, M. ve Rajarajan, M., “A review paper on preserving privacy in mobile environments”, Journal of Network and Computer Applications, Cilt 53, 74-90, 2015.
  • Sawle, P. D. ve Gadicha, A. B., “Analysis of Malware Detection Techniques in Android”, A Monthly Journal of Computer Science and Information Technology, Cilt 3, No 3, 176-182, 2014.
  • He, D., Chan, S. ve Guizani, M., “Mobile application security: malware threats and defenses, Wireless Communications, IEEE, 22 (1). 138-144, 2015.
  • Wu, F., Narang, H. and Clarke, D. (2014) An Overview of Mobile Malware and Solutions”, Journal of Computer and Communications, Cilt 2, 8-17.
  • Felt, A. P., Finifter, M., Chin, E., Hanna, S. ve Wagner, D., “A Survey of Mobile Malware in the Wild”, SPSM '11 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 3-14, 2011.
  • Shen, Y. C., Chien, R. ve Hung, S. H., “Toward Efficient Dynamic Analysis and Testing for Android Malware”, IT CoNvergence PRActice (INPRA), Cilt 2, No 3, 14-23, 2014.
  • Wang, X., Yang, Y. ve Zeng, Y., “Accurate mobile malware detection and classification in the cloud”, SpringerPlus, 2015.
  • Dua, L. ve Bansal, D., “Taxonomy: Mobile Malware Threats and Detection Techniques”, Computer Science & Information Technology (CS & IT), 213-221, 2014.
  • Chandramohan, M. ve Tan, H., “Detection of Mobile Malware in the Wild”, Computer, Cilt 45, No 9, 65-71, 2012.
  • Egele, M., Kruegel, C., Kirda, E. ve Vigna, G., “PiOS: Detecting Privacy Leaks in iOS Applications”, Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2011.
  • Enck, W., Octeau, D., McDaniel, P. ve Chaudhuri, S., “A Study of Android Application Security”, Proceedings of the 20th USENIX Security Symposium, 2011.
  • Ramu, S., “Mobile Malware Evolution, Detection and Defense”, EECE 571B, Term Survey Paper, 2012.
  • Isohara, T., Takemori, K. ve Kubota, A., “Kernel-based Behavior Analysis for Android Malware Detection”, Computational Intelligence and Security (CIS), 1011-1015, 2011.
  • Johnson, R., Wang, Z., Gagnon, C. ve Stavrou, A., “Analysis of android applications' permissions”, Software Security and Reliability Companion (SERE-C), 45-46, 2012.
  • Zheng, M., Sun, M. ve Lui, J. C. S., “DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware”, Trust, Security and Privacy in Computing and Communications (TrustCom), 163-171, 2013.
  • Gandotra, E., Bansal, D. ve Sofat, S., “Malware Analysis and Classification: A Survey”, Journal of Information Seurity, Cilt 5, 56-64, 2014.
  • Nataraj, L., Karthikeyan, S., Jacob, G. ve Manjunath, B., “Malware Images: Visualization and Automatic Classification”, Proceedings of the 8th International Symposium on Visualization for Cyber Security, 2011.
  • Kong, D. ve Yan, G., “Discriminant Malware Distance Learning on Structural Information for Automated Malware Classification”, Proceedings of the ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems, 347-348, 2013.
  • Rieck, K., Trinius, P., Willems, C. ve Holz, T., “Automatic Analysis of Malware Behavior Using Machine Learning”, Journal of Computer Security, Cilt 19, 639-668, 2011.
  • Nari, S. and Ghorbani, A., “Automated Malware Classification Based on Network Behavior”, Proceedings of International Conference on Computing, Networking and Communications (ICNC), 642-647, 2013.
  • Santos, I., Devesa, J., Brezo, F., Nieves, J. ve Bringas, P.G., “OPEM: A Static-Dynamic Approach for Machine Learning Based Malware Detection”, International Joint Conference CISIS’12-ICEUTE´ 12-SOCO´ 12 Special Sessions, Cilt 189, 271-280, 2013.
  • Islam, R., Tian, R., Battenb, L. ve Versteeg, S., “Classification of Malware Based on Integrated Static and Dynamic Features”, Journal of Network and Computer Application, Cilt 36, 646-556, 2013.
  • Zhou Y. ve Jiang, X., “Dissecting Android Malware: Characterization and Evolution”. 2012 IEEE Symposium on Security and Privacy, 95– 109, 2012.
  • Aydoğan, E., Genetik Programlama Kullanılarak Mobil Zararlı Yazılımların Otomatik Olarak Üretilmesi, Yüksek Lisans Tezi, Hacettepe Üniversitesi, Fen Bilimleri Enstitüsü, 2014.
  • Arp, D., Spreitzenbarth, M., Gübner, M., Gascon, H. ve Rieck, K., “DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket”, Network and Distributed System Security (NDSS) Symposium 2014, 2014.
  • Lindorfer, M., Neugschwandtner, M. ve Weichselbaum, L., “ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors”, 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2014.
  • Mas`ud, M. Z., Sahib, S., Abdollah, M. F., Selamat, S. R., ve Yusof, R., “Android Malware Detection System Classification”, Research Journal of Information Technology, Cilt 6, No 4, 325-341, 2014.
  • Van der Meulen, R. ve Rivera, J., “Gartner says smartphone sales accounted for 55 percent of overall mobile phone sales in third quarter of 2013, Press Release, 2013.
  • Kabakuş, A. T., Doğru, İ. A., Çetin, A., “APK Auditor: Permission-based Android malware detection system”, Digital Investigation, Cilt 13, 1-14, 2015.
  • Kabakuş, A. T., Doğru, İ. A., Çetin, A. (2015). Android Kötücül Yazılım Tespit ve Koruma Sistemleri. Erciyes Üniversitesi Fen Bilimleri Enstitüsü Dergisi, Cilt 31, No 1, 9-16, 2015.
  • Torregrosa, B., A framework for detection of malicious software in Android handled systems using machine learning techniques, Universitat Autònoma de Barcelona, 2015.
Yıl 2016, Cilt: 4 Sayı: 2, 49 - 64, 10.06.2016

Öz

Kaynakça

  • La Polla, M., Martinelli, F. ve Sgandurra, D., “A survey on security for mobile devices”, IEEE Communications Surveys & Tutorials, Cilt 15, No 1, 446–471, 2013.
  • Chen, P. S., Lin, S. ve Sun, C., “Simple and effective method for detecting abnormal internet behaviors of mobile devices”, Information Sciences, Cilt 321, No C. 193-204, 2015.
  • Feizollah, A., Anuar, N. B., Salleh, R. ve Abdul Wahab, A. W., “A review on feature selection in mobile malware detection”, Digital Investigation, Cilt 13, 22-37, 2015.
  • Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B. ve Elovici, Y., “Mobile malware detection through analysis of deviations in application network behavior”, Computers & Security, Cilt 43, 1-18, 2014.
  • Dini, G., Martinelli, F., Saracino, A. ve Sgandurra, D., “MADAM: A Multi-Level Anomaly Detector for Android Malware”, Computer Network Security, 240-253, 2012.
  • Damopoulos, D., Menesidou, S. A., Kambourakis, G., Papadaki, M., Clarke, N. ve Gritzalis, S., “Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers”, Security and Communication Networks, Cilt 5, No 1, 3-14, 2011.
  • Rastogi, V., Chen, Y. ve Enck, W., “AppsPlayground: Automatic Security Analysis of Smartphone Applications”, CODASPY’13, 2013 .
  • Khune, R. S, ve Thangakumar, J., “A cloud-based intrusion detection system for Android smartphones”, Radar, Communication and Computing (ICRCC), 180-184, 2012.
  • Seo, S., Gupta, A., Sallam, A. M., Bertino, E. ve Yim, K., “Detecting mobile malware threats to homeland security through static analysis”, Journal of Network and Computer Applications, Cilt 38, 43-53, 2014.
  • Arankumar, S., Srivatsa, M. ve Rajarajan, M., “A review paper on preserving privacy in mobile environments”, Journal of Network and Computer Applications, Cilt 53, 74-90, 2015.
  • Sawle, P. D. ve Gadicha, A. B., “Analysis of Malware Detection Techniques in Android”, A Monthly Journal of Computer Science and Information Technology, Cilt 3, No 3, 176-182, 2014.
  • He, D., Chan, S. ve Guizani, M., “Mobile application security: malware threats and defenses, Wireless Communications, IEEE, 22 (1). 138-144, 2015.
  • Wu, F., Narang, H. and Clarke, D. (2014) An Overview of Mobile Malware and Solutions”, Journal of Computer and Communications, Cilt 2, 8-17.
  • Felt, A. P., Finifter, M., Chin, E., Hanna, S. ve Wagner, D., “A Survey of Mobile Malware in the Wild”, SPSM '11 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 3-14, 2011.
  • Shen, Y. C., Chien, R. ve Hung, S. H., “Toward Efficient Dynamic Analysis and Testing for Android Malware”, IT CoNvergence PRActice (INPRA), Cilt 2, No 3, 14-23, 2014.
  • Wang, X., Yang, Y. ve Zeng, Y., “Accurate mobile malware detection and classification in the cloud”, SpringerPlus, 2015.
  • Dua, L. ve Bansal, D., “Taxonomy: Mobile Malware Threats and Detection Techniques”, Computer Science & Information Technology (CS & IT), 213-221, 2014.
  • Chandramohan, M. ve Tan, H., “Detection of Mobile Malware in the Wild”, Computer, Cilt 45, No 9, 65-71, 2012.
  • Egele, M., Kruegel, C., Kirda, E. ve Vigna, G., “PiOS: Detecting Privacy Leaks in iOS Applications”, Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2011.
  • Enck, W., Octeau, D., McDaniel, P. ve Chaudhuri, S., “A Study of Android Application Security”, Proceedings of the 20th USENIX Security Symposium, 2011.
  • Ramu, S., “Mobile Malware Evolution, Detection and Defense”, EECE 571B, Term Survey Paper, 2012.
  • Isohara, T., Takemori, K. ve Kubota, A., “Kernel-based Behavior Analysis for Android Malware Detection”, Computational Intelligence and Security (CIS), 1011-1015, 2011.
  • Johnson, R., Wang, Z., Gagnon, C. ve Stavrou, A., “Analysis of android applications' permissions”, Software Security and Reliability Companion (SERE-C), 45-46, 2012.
  • Zheng, M., Sun, M. ve Lui, J. C. S., “DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware”, Trust, Security and Privacy in Computing and Communications (TrustCom), 163-171, 2013.
  • Gandotra, E., Bansal, D. ve Sofat, S., “Malware Analysis and Classification: A Survey”, Journal of Information Seurity, Cilt 5, 56-64, 2014.
  • Nataraj, L., Karthikeyan, S., Jacob, G. ve Manjunath, B., “Malware Images: Visualization and Automatic Classification”, Proceedings of the 8th International Symposium on Visualization for Cyber Security, 2011.
  • Kong, D. ve Yan, G., “Discriminant Malware Distance Learning on Structural Information for Automated Malware Classification”, Proceedings of the ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems, 347-348, 2013.
  • Rieck, K., Trinius, P., Willems, C. ve Holz, T., “Automatic Analysis of Malware Behavior Using Machine Learning”, Journal of Computer Security, Cilt 19, 639-668, 2011.
  • Nari, S. and Ghorbani, A., “Automated Malware Classification Based on Network Behavior”, Proceedings of International Conference on Computing, Networking and Communications (ICNC), 642-647, 2013.
  • Santos, I., Devesa, J., Brezo, F., Nieves, J. ve Bringas, P.G., “OPEM: A Static-Dynamic Approach for Machine Learning Based Malware Detection”, International Joint Conference CISIS’12-ICEUTE´ 12-SOCO´ 12 Special Sessions, Cilt 189, 271-280, 2013.
  • Islam, R., Tian, R., Battenb, L. ve Versteeg, S., “Classification of Malware Based on Integrated Static and Dynamic Features”, Journal of Network and Computer Application, Cilt 36, 646-556, 2013.
  • Zhou Y. ve Jiang, X., “Dissecting Android Malware: Characterization and Evolution”. 2012 IEEE Symposium on Security and Privacy, 95– 109, 2012.
  • Aydoğan, E., Genetik Programlama Kullanılarak Mobil Zararlı Yazılımların Otomatik Olarak Üretilmesi, Yüksek Lisans Tezi, Hacettepe Üniversitesi, Fen Bilimleri Enstitüsü, 2014.
  • Arp, D., Spreitzenbarth, M., Gübner, M., Gascon, H. ve Rieck, K., “DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket”, Network and Distributed System Security (NDSS) Symposium 2014, 2014.
  • Lindorfer, M., Neugschwandtner, M. ve Weichselbaum, L., “ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors”, 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2014.
  • Mas`ud, M. Z., Sahib, S., Abdollah, M. F., Selamat, S. R., ve Yusof, R., “Android Malware Detection System Classification”, Research Journal of Information Technology, Cilt 6, No 4, 325-341, 2014.
  • Van der Meulen, R. ve Rivera, J., “Gartner says smartphone sales accounted for 55 percent of overall mobile phone sales in third quarter of 2013, Press Release, 2013.
  • Kabakuş, A. T., Doğru, İ. A., Çetin, A., “APK Auditor: Permission-based Android malware detection system”, Digital Investigation, Cilt 13, 1-14, 2015.
  • Kabakuş, A. T., Doğru, İ. A., Çetin, A. (2015). Android Kötücül Yazılım Tespit ve Koruma Sistemleri. Erciyes Üniversitesi Fen Bilimleri Enstitüsü Dergisi, Cilt 31, No 1, 9-16, 2015.
  • Torregrosa, B., A framework for detection of malicious software in Android handled systems using machine learning techniques, Universitat Autònoma de Barcelona, 2015.
Toplam 40 adet kaynakça vardır.

Ayrıntılar

Bölüm Makaleler
Yazarlar

Anıl Utku

İbrahim Alper Doğru

Yayımlanma Tarihi 10 Haziran 2016
Gönderilme Tarihi 19 Ocak 2016
Yayımlandığı Sayı Yıl 2016 Cilt: 4 Sayı: 2

Kaynak Göster

APA Utku, A., & Doğru, İ. A. (2016). MOBİL KÖTÜCÜL YAZILIMLAR VE GÜVENLİK ÇÖZÜMLERİ ÜZERİNE BİR İNCELEME. Gazi University Journal of Science Part C: Design and Technology, 4(2), 49-64.

                                     16168      16167     16166     21432        logo.png


    e-ISSN:2147-9526