eDSDroid: A Hybrid Approach for Information Leak Detection in Android
作者: Hoang Tuan Ly , Tan Cam Nguyen , Van-Hau Pham
DOI: 10.1007/978-981-10-4154-9_34
关键词:
摘要: Leaking personal information on mobile devices is a serious problem. Work leak detection for devices, until now, mostly focus action within single application, while the coordinated of several applications malicious purpose becoming popular. This study proposes hybrid approach that combines static and dynamic analysis to detect as result multiple applications. In this text, we call it inter-application malware. The takes place in two stages. first stage, use determine chains sensitive actions chain sequential user’s may lead leakage. second validate whether indeed leaks data by using analysis. fact, question are forced execute after detected stage. We monitor which make leak. order do so, modify Android Emulator trigger any running it. have evaluated our tool, namely eDSDroid, famous Toyapps test case. shows correctness effectiveness tool.
springer.com
sci-hub.se 参考文章(12)
Johannes Hoffmann, Stephan Neumann, Thorsten Holz, Mobile Malware Detection Based on Energy Fingerprints -- A Dead End? recent advances in intrusion detection. pp. 348- 368 ,(2013) , 10.1007/978-3-642-41284-4_18
Mariem Graa, Nora Cuppens-Boulahia, Frédéric Cuppens, Ana Cavalli, Detecting control flow in smarphones: combining static and dynamic analyses CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security. pp. 33- 47 ,(2012) , 10.1007/978-3-642-35362-8_4
Borja Sanz, Igor Santos, Xabier Ugarte-Pedrero, Carlos Laorden, Javier Nieves, Pablo G Bringas, None, Instance-based anomaly method for Android malware detection international conference on security and cryptography. pp. 387- 394 ,(2013)
Damien Octeau, Yves Le Traon, Eric Bodden, Alexandre Bartel, Patrick McDaniel, Jacques Klein, Somesh Jha, Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis usenix security symposium. pp. 543- 558 ,(2013)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner, Analyzing inter-application communication in Android Proceedings of the 9th international conference on Mobile systems, applications, and services - MobiSys '11. pp. 239- 252 ,(2011) , 10.1145/1999995.2000018
Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, Wei Zou, SmartDroid Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '12. pp. 93- 104 ,(2012) , 10.1145/2381934.2381950
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner, Android permissions demystified Proceedings of the 18th ACM conference on Computer and communications security - CCS '11. pp. 627- 638 ,(2011) , 10.1145/2046707.2046779
A.-D. Schmidt, R. Bye, H.-G. Schmidt, J. Clausen, O. Kiraz, K. A. Yuksel, S. A. Camtepe, S. Albayrak, Static Analysis of Executables for Collaborative Malware Detection on Android international conference on communications. pp. 631- 635 ,(2009) , 10.1109/ICC.2009.5199486
Srijith K. Nair, Patrick N.D. Simpson, Bruno Crispo, Andrew S. Tanenbaum, A Virtual Machine Based Information Flow Control System for Policy Enforcement Electronic Notes in Theoretical Computer Science. ,vol. 197, pp. 3- 16 ,(2008) , 10.1016/J.ENTCS.2007.10.010