What is it about?

As smartphones such as mobile devices become popular, malicious attackers are choosing them as targets. The risk of attack is steadily increasing as most people store various personal information such as messages, contacts, and financial information on their smartphones. Particularly, the vulnerabilities of the installed operating systems (e.g., Android, iOS, etc.) are trading at a high price in the black market. In addition, the development of the Internet of Things (IoT) technology has created a hyperconnected society in which various devices are connected to one network. Therefore, the safety of the smartphone is becoming an important factor to remotely control these technologies. A typical attack method that threatens the security of such a smartphone is a method of inducing installation of a malicious application. However, most studies focus on the detection of malicious applications. This study suggests a method to evaluate threats to be installed in the Android OS environment in conjunction with machine learning algorithms. In addition, we present future direction from the cyber threat intelligence perspective and situational awareness, which are the recent issues.

Featured Image

Why is it important?

Changes in the way in which personal information is stored and the efficient use of IoT equipment are reasons to increase the frequency of attacks on smartphones. These mobile threats can cause damage to both cyberspace and the real world. To provide situational awareness to decision-makers, it is necessary to extend threat detection for a mobile malicious application to evaluate threats.


Many studies have focused on the detection of these malicious applications, and their accuracy and efficiency are approaching commercialization. However, there is a limit to utilize the detected result of a malicious application for decision-making from the manager's point of view. Also, existing risk assessment studies are concentrated on owning assets, so there are limitations that simplify the threat, and there are few studies evaluating threats in connection with research on threat detection through machine learning. This study proposes a method to extend and assess threat detection using machine learning for applications installed in the Android OS. The proposed scheme is Malware Awareness (Level 1) aimed at detecting malicious behavior for Android application, Threat Awareness (Level 2) for rating it, and Decision-Making Awareness (Level 3) for optimizing threat class. The reasons for approaching from the viewpoint of SA are also related to CTI which is a recent issue. The availability of CTI is an essential element of threat assessment. The TARA developed by MITER also emphasizes the ability to identify countermeasures through threat assessment. In addition, cyber-SA framework research from the “Cybaware” project has resulted in an asset, configuration, impact, threat, and visualization as key areas of research . In particular, the threat area has identified and evaluated the types of attackers (TTP, Tactics/Techniques/Procedures) and objectives and developed countermeasures as research results. Therefore, the proposed approach can contribute to threat detection, production, measurement, and evaluation of CTI in the security field.

Mookyu Park
Korea University

Read the Original

This page is a summary of: Threat Assessment for Android Environment with Connectivity to IoT Devices from the Perspective of Situational Awareness, Wireless Communications and Mobile Computing, April 2019, Hindawi Publishing Corporation, DOI: 10.1155/2019/5121054.
You can read the full text:

Open access logo


The following have contributed to this page