Mobil Kötücül Yazılımlar ve Güvenlik Çözümleri Üzerine Bir İnceleme

Günümüzde mobil cihazlar her zaman ve her yerde farklı çeşitlerdeki servislere erişme imkânı sağlayarak hayatımızın önemli bir parçası haline gelmişlerdir. Son zamanlarda GSM, GPRS, Bluetooth ve Wi-Fi gibi mobil cihazlar tarafından kullanılan bağlantıların sayısının artmasıyla birlikte mobil cihazların zaman ve mekân kısıtlamaları ortadan kalkmıştır. Bu sebeple mobil iletişim kanallarını ve hizmetlerini istismar eden güvenlik açıklarının sayısında ve çeşitliliğinde artış yaşanmaktadır. Bu çalışma kapsamında mobil cihazlar için güvenlik çözümleri üzerine araştırmalar yapılarak kapsamlı bir bakış açısı sunma hedeflenmiştir. Mobil uygulamalardaki güvenlik açıkları, tehditler ve güvenlik çözümleri üzerine odaklanılmıştır. Kötücül yazılım tespit yöntemleri, mimariler, toplanan veriler ve işletim sistemlerine dayalı olarak mobil cihazları korumaya yönelik yaklaşımlar incelenmiştir.

A Review on Mobile Malware and Security Solutions

Nowadays, mobile devices have become an important part of our lives by providing the opportunity to access to different kind of services every time and everywhere. Recently, time and place constrains of mobile devices have been disappeared with increasing number of connections that is used by mobile devices such as GSM, GPRS, Bluetooth, Wi-Fi. Thus, number and kind of security vulnerabilities that misuse mobile communication channels and services have increased recently. In this study, it was targeted some researches on security solutions for mobile devices to present a comprehensive view. It was focused on security vulnerabilities, threats, and solutions on mobile applications. It was analyzed approaches which protect mobile devices based on malware detection techniques, architectures, collected data, and operating systems.

PDF

___

La Polla, M., Martinelli, F. ve Sgandurra, D., "A survey on security for mobile devices", IEEE Communications Surveys & Tutorials, Cilt 15, No 1, 446-471, 2013.
Chen, P. S., Lin, S. ve Sun, C., "Simple and effective method for detecting abnormal internet behaviors of mobile devices", Information Sciences, Cilt 321, No C. 193-204, 2015.
Damopoulos, D., Menesidou, S. A., Kambourakis, G., Papadaki, M., Clarke, N. ve Gritzalis, S., "Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers", Security and Communication Networks, Cilt 5, No 1, 3-14, 2011.
Dini, G., Martinelli, F., Saracino, A. ve Sgandurra, D., "MADAM: A Multi-Level Anomaly Detector for Android Malware", Computer Network Security, 240-253, 2012.
Khune, R. S, ve Thangakumar, J., "A cloud-based intrusion detection system for Android smartphones", Computing (ICRCC), 180-184, 2012. Communication and [6] Rastogi, V., Chen, Y. ve Enck, W., "AppsPlayground: Automatic Security Analysis of Smartphone Applications", CODASPY'13, 2013.
Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B. ve Elovici, Y., "Mobile malware detection through analysis of deviations in application network behavior", Computers & Security, Cilt 43, 1-18, 2014.
Seo, S., Gupta, A., Sallam, A. M., Bertino, E. ve Yim, K., "Detecting mobile malware threats to homeland security through static analysis", Journal of Network and Computer Applications, Cilt 38, 43-53, 2014.
Feizollah, A., Anuar, N. B., Salleh, R. ve Abdul Wahab, A. W., "A review on feature selection in mobile malware detection", Digital Investigation, Cilt 13, 22-37, 2015.
Arankumar, S., Srivatsa, M. ve Rajarajan, M., "A review paper on preserving privacy in mobile environments", Journal of Network and Computer Applications, Cilt 53, 74-90, 2015.
Sawle, P. D. ve Gadicha, A. B., "Analysis of Malware Detection Techniques in Android", A Monthly Journal of Computer Science and Information Technology, Cilt 3, No 3, 176-182, 2014.
He, D., Chan, S. ve Guizani, M., "Mobile application security: malware threats and defenses, Wireless Communications, IEEE, 22 (1). 138-144, 2015.
Wu, F., Narang, H. and Clarke, D. (2014) An Overview of Mobile Malware and Solutions", Journal of Computer and Communications, Cilt 2, 8-17.
Felt, A. P., Finifter, M., Chin, E., Hanna, S. ve Wagner, D., "A Survey of Mobile Malware in the Wild", SPSM '11 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 3-14, 2011.
Shen, Y. C., Chien, R. ve Hung, S. H., "Toward Efficient Dynamic Analysis and Testing for Android Malware", IT CoNvergence PRActice (INPRA), Cilt 2, No 3, 14-23, 2014.
Wang, X., Yang, Y. ve Zeng, Y., "Accurate mobile malware detection and classification in the cloud", SpringerPlus, 2015.
Dua, L. ve Bansal, D., "Taxonomy: Mobile Malware Threats and Detection Techniques", Computer Science & Information Technology (CS & IT), 213-221, 2014.
Chandramohan, M. ve Tan, H., "Detection of Mobile Malware in the Wild", Computer, Cilt 45, No 9, 65-71, 2012.
Egele, M., Kruegel, C., Kirda, E. ve Vigna, G., "PiOS: Detecting Privacy Leaks in iOS Applications", Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2011.
Enck, W., Octeau, D., McDaniel, P. ve Chaudhuri, S., "A Study of Android Application Security", Proceedings of the 20th USENIX Security Symposium, 2011.
Ramu, S., "Mobile Malware Evolution, Detection and Defense", EECE 571B, Term Survey Paper, 2012.
Isohara, T., Takemori, K. ve Kubota, A., "Kernel-based Behavior Analysis for Android Malware Detection", Computational Intelligence and Security (CIS), 1011-1015, 2011.
Johnson, R., Wang, Z., Gagnon, C. ve Stavrou, A., "Analysis of android applications' permissions", Software Security and Reliability Companion (SERE-C), 45-46, 2012.
Zheng, M., Sun, M. ve Lui, J. C. S., "DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware", Trust, Security and Privacy in Computing and Communications (TrustCom), 163-171, 2013.
Gandotra, E., Bansal, D. ve Sofat, S., "Malware Analysis and Classification: A Survey", Journal of Information Seurity, Cilt 5, 56-64, 2014.
Nataraj, L., Karthikeyan, S., Jacob, G. ve Manjunath, B., "Malware Images: Visualization and Automatic Classification", Proceedings of the 8th International Symposium on Visualization for Cyber Security, 2011.
Rieck, K., Trinius, P., Willems, C. ve Holz, T., "Automatic Analysis of Malware Behavior Using Machine Learning", Journal of Computer Security, Cilt 19, 639-668, 2011.
Kong, D. ve Yan, G., "Discriminant Malware Distance Learning on Structural Information for Automated Malware Classification", Proceedings of Conference on Measurement and Modeling of Computer Systems, 347-348, 2013.
Nari, S. and Ghorbani, A., "Automated Malware Classification Based on Network Behavior", Proceedings of International Conference on Computing, Networking and Communications (ICNC), 642-647, 2013.
Santos, I., Devesa, J., Brezo, F., Nieves, J. ve Bringas, P.G., "OPEM: A Static-Dynamic Approach for Machine Learning Based Malware Detection", CISIS'12-ICEUTE´ Sessions, Cilt 189, 271-280, 2013. Conference 12-SOCO´ 12 Special
Islam, R., Tian, R., Battenb, L. ve Versteeg, S., "Classification of Malware Based on Integrated Static and Dynamic Features", Journal of Network and Computer Application, Cilt 36, 646-556, 2013.
Kim, H., Shin, K.G., Pillai, P., "MODELZ: Monitoring, Energy-Greedy Anomalies in Mobile Handsets", IEEE Transactions on Mobile Computing, Cilt 10, No 7, 968-981, 2011. and Analysis of
Shabtai, A., Kanonov, U., Elovici, Y., et al. "Andromaly: a behavioral malware detection framework for android devices", Journal of Intelligent Information Systems, Cilt 38, No 1, 161-190, 2012.
Lu, Y., Zulie, P., Jingju, L., et al. "Android malware detection technology based on improved Bayesian Classification", 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control, 1338- 1341, 2013.
Yerima, S.Y., Sezer, S., Muttik, I., "Android Malware Detection Using Parallel Machine Learning Classifiers", 2014 Eighth International Conference Applications, Services and Technologies, 37 - 42, 2014. Generation Mobile
Shen, T., Zhongyang, Y., Xin, Z., "Detect Android Malware Variants using Component Based Topology Graph", 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, 406-413, 2014.
Sheen, S., Anitha, R., Natarajan, V., "Android based malware detection using a multifeature collaborative Neurocomputing, Cilt 151, 905-912, 2015. fusion approach",
Kabakuş, A. T., Doğru, İ. A., Çetin, A., "APK Auditor: Permission-based Android malware detection system", Digital Investigation, Cilt 13, 1-14, 2015.
Zhou Y. ve Jiang, X., "Dissecting Android Malware: Characterization and Evolution". 2012 IEEE Symposium on Security and Privacy, 95- 109, 2012.
Aydoğan, E., Genetik Programlama Kullanılarak Mobil Zararlı Yazılımların Otomatik Olarak Üretilmesi, Yüksek Lisans Tezi, Hacettepe Üniversitesi, Fen Bilimleri Enstitüsü, 2014.
Arp, D., Spreitzenbarth, M., Gübner, M., Gascon, H. ve Rieck, K., "DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket", Network and Distributed System Security (NDSS) Symposium 2014, 2014.
Lindorfer, M., Neugschwandtner, M. ve Weichselbaum, L., "ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors", 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, 2014.
Mas`ud, M. Z., Sahib, S., Abdollah, M. F., Selamat, S. R., ve Yusof, R., "Android Malware Detection Journal of Information Technology, Cilt 6, No 4, 325-341, 2014.
Van der Meulen, R. ve Rivera, J., "Gartner says smartphone sales accounted for 55 percent of overall mobile phone sales in third quarter of 2013, Press Release, 2013.
Kabakuş, A. T., Doğru, İ. A., Çetin, A. (2015). Android Kötücül Yazılım Tespit ve Koruma Sistemleri. Erciyes Üniversitesi Fen Bilimleri Enstitüsü Dergisi, Cilt 31, No 1, 9-16, 2015.
Torregrosa, B., A framework for detection of malicious software in Android handled systems using machine learning techniques, Universitat Autònoma de Barcelona, 2015