Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability

Authors: Isil Dillig, Saswat Anand, Ruben Martins, Yu Feng, Osbert Bastani

DOI:

Keywords:

Abstract: This paper proposes a technique for automatically learning semantic malware signatures for Android from very few samples of a malware family. The key idea underlying our approach is to look for a maximally suspicious common subgraph (MSCS) that is shared between all known instances of the family. An MSCS describes the functionality of multiple applications in terms of inter-component call relations and their metadata (e.g., data-flow properties). Our approach identifies such subgraphs by reducing the problem to maximum satisfiability. Once a signature is learned, our approach uses a combination of static analysis and a new approximate matching algorithm to determine whether an application matches the signature characterizing a given family. We have implemented our approach in a tool called ASTROID and show that it has a number of advantages over state-of-the-art detection techniques. First, we compare the synthesized signatures with manually-written signatures used in previous work and show that the learned signatures perform better in terms of accuracy as well as precision. Second, we compare ASTROID against two state-of-the-art tools and demonstrate its advantages in interpretability and accuracy. Finally, we show that ASTROID's approach is resistant to behavioral obfuscation and can be used to detect zero-day malware. In particular, we were able to find 22 instances of zero-day malware in Google Play that are not reported by existing tools.
