Measuring the risk value of sensitive dataflow path in Android applications
作者: Pengbin Feng , Cong Sun , Jianfeng Ma
DOI: 10.1002/SEC.1746
关键词:
摘要: Nowadays, smartphones carry large amounts of user privacy and sensitive data. With the popularity Android operating system, cases date leakage in applications are on rise causing a great loss to users. In order mitigate this condition, static dynamic taint analysis applied precisely detect data leakages. These approaches cannot distinguish leakages benign apps from ones malicious apps. Recently, difference flows between has been found be significant. paper, we further find that there exists frequencies dataflow paths. This can used enforce risk value over every path. guide identification We present RISKPATH, tool automatically calculates values for paths applications. Applying result RISKPATH MUDFLOW framework, increase true positive rate malware detection by 3.96–6.54% different datasets with reasonable time memory consumption. Copyright © 2017 John Wiley & Sons, Ltd.
sci-hub.se 参考文章(28)
Chao Yang, Zhaoyan Xu, Guofei Gu, Vinod Yegneswaran, Phillip Porras, DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications european symposium on research in computer security. pp. 163- 182 ,(2014) , 10.1007/978-3-319-11203-9_10
Clint Gibler, Jonathan Crussell, Jeremy Erickson, Hao Chen, AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale trust and trustworthy computing. pp. 291- 307 ,(2012) , 10.1007/978-3-642-30921-2_17
Siqi Ma, Shaowei Wang, David Lo, Robert Huijie Deng, Cong Sun, None, Active Semi-supervised Approach for Checking App Behavior against Its Description computer software and applications conference. ,vol. 2, pp. 179- 184 ,(2015) , 10.1109/COMPSAC.2015.93
Lok Kwong Yan, Heng Yin, DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis usenix security symposium. pp. 29- 29 ,(2012)
Pai-Hsuen Chen, Chih-Jen Lin, Bernhard Schölkopf, A tutorial on ν‐support vector machines Applied Stochastic Models in Business and Industry. ,vol. 21, pp. 111- 136 ,(2005) , 10.1002/ASMB.537
Yousra Aafer, Wenliang Du, Heng Yin, DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. pp. 86- 103 ,(2013) , 10.1007/978-3-319-04283-1_6
Iker Burguera, Urko Zurutuza, Simin Nadjm-Tehrani, Crowdroid Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11. pp. 15- 26 ,(2011) , 10.1145/2046614.2046619
Michael Spreitzenbarth, Thomas Schreck, Florian Echtler, Daniel Arp, Johannes Hoffmann, Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques International Journal of Information Security. ,vol. 14, pp. 141- 153 ,(2015) , 10.1007/S10207-014-0250-0
William Enck, Machigar Ongtang, Patrick McDaniel, On lightweight mobile phone application certification computer and communications security. pp. 235- 245 ,(2009) , 10.1145/1653662.1653691
I Gordon Michael, Kim Deokhwan, H Perkins Jeff, Gilham Limei, Nguyen Nguyen, C Rinard Martin, None, Information-Flow Analysis of Android Applications in DroidSafe network and distributed system security symposium. ,(2015) , 10.14722/NDSS.2015.23089