Accurate Specification for Robust Detection of Malicious Behavior in Mobile Environments

Authors: Sufatrio, Tong-Wei Chua, Darell J. J. Tan, Vrizlynn L. L. Thing

DOI: 10.1007/978-3-319-24177-7_18

Keywords: Computer science, Android malware, Android (operating system), Malware, Callback, Component type, Mobile malware, Distributed computing, Real-time computing, Mobile security

Abstract: The need to accurately specify and detect malicious behavior is widely known. This paper presents a novel and convenient way of specifying malicious behavior in mobile environments by taking Android as a representative platform of analysis and implementation. Our specification takes a sequence-based approach in declaratively formulating a malicious action, whereby any two consecutive security-sensitive operations are connected by either a control or taint flow. It also captures the invocation context of an operation within an app's component type and lifecycle/callback method. Additionally, exclusion of operations that are invoked from UI-related callback methods can be specified to indicate an action's stealthy execution portions. We show how the specification is sufficiently expressive to describe malicious patterns that are commonly exhibited by mobile malware. To show the usefulness of the specification, and to demonstrate that it can derive stable and distinctive patterns of existing malware, we develop a static analyzer that can automatically check an Android app for numerous malicious actions written using the specification. Given a target app's uncovered behavior, the analyzer associates it with a collection of known malware families. Experiments show that our obfuscation-resistant analyzer can associate malware samples with their correct family with an accuracy of 97.2 %, while retaining the ability to differentiate benign apps from the profiled malware families with an accuracy of 97.6 %. These results positively show how the specification can lend itself to robust malware detection.
