2015 | Original Paper | Book Chapter

Detecting Malicious Behaviors in Repackaged Android Apps with Loosely-Coupled Payloads Filtering Scheme

Authors: Lulu Zhang, Yongzheng Zhang, Tianning Zang

Published in: International Conference on Security and Privacy in Communication Networks

Publisher: Springer International Publishing

Abstract

Recently, the security problem of Android applications has become increasingly prominent. In this paper, we propose a novel approach to detect malicious behaviors in loosely-coupled repackaged Android apps. We extract and modify the function call graph (FCG) of an app based on its loosely-coupled property, and divide it into several sub-graphs to identify the primary module and its related modules. In each remaining sub-graph, API calls are added and sensitive API paths are extracted for dynamic instrumentation on top of APIMonitor. The experiments are conducted with 438 malware samples and 1529 apps from two third-party Android markets. Through manual verification, we confirm 5 kinds of malware in 16 apps detected by our approach. The detection rate on the collected malware reaches 99.77 %. The reduction rate of monitored functions reaches 42.95 %, with 98.79 % of malicious functions successfully retained. The time spent on static and dynamic analysis is 74.9 s and 16.0 s on average, respectively.
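
The filtering idea in the abstract, as an added Python example that is not the authors' implementation: the app-only call graph is split into weakly connected components, the component holding the app's entry point is set aside, and API calls are attached only in the remaining components to extract paths that end in a sensitive API. Treating the entry-point component as the primary module, the sensitive API list and the sample graph are assumptions made for this example.

```python
from collections import defaultdict
SENSITIVE = {"SmsManager.sendTextMessage", "TelephonyManager.getDeviceId"}  # assumed list
APP_CALLS = {  # constructed sample: app method -> app methods it calls
    "game.Main.onCreate": ["game.Engine.start", "game.Ui.draw"],
    "game.Engine.start": ["game.Ui.draw"],
    "pay.Boot.onReceive": ["pay.Svc.run"],
    "pay.Svc.run": ["pay.Sms.send", "pay.Cfg.load"],
}
API_CALLS = {  # constructed sample: app method -> framework APIs it invokes
    "game.Ui.draw": ["Canvas.drawBitmap"],
    "pay.Sms.send": ["SmsManager.sendTextMessage"],
    "pay.Cfg.load": ["SharedPreferences.getString"],
}

def components(calls):  # weakly connected components of the app-only call graph
    adj = defaultdict(set)
    for src, dsts in calls.items():
        adj[src].update(dsts)
        for d in dsts:
            adj[d].add(src)
    seen, out = set(), []
    for n in sorted(adj):
        if n not in seen:
            comp, stack = set(), [n]
            while stack:
                cur = stack.pop()
                if cur not in comp:
                    comp.add(cur)
                    stack.extend(adj[cur] - comp)
            seen |= comp
            out.append(comp)
    return out

def sensitive_paths(calls, api_calls, entry):
    """Skip the component holding `entry`; return call paths ending in a sensitive API."""
    paths = []
    def walk(node, trail):
        trail = trail + [node]
        paths.extend(trail + [a] for a in api_calls.get(node, []) if a in SENSITIVE)
        for nxt in calls.get(node, []):
            if nxt not in trail:  # do not loop on recursive calls
                walk(nxt, trail)
    for comp in components(calls):
        if entry in comp:
            continue  # assumed primary module: left uninstrumented
        called = {d for s in comp for d in calls.get(s, [])}
        for root in sorted(comp - called) or sorted(comp)[:1]:  # cycle-only fallback
            walk(root, [])
    return paths
```

The methods on the returned paths are the ones a dynamic monitor would need to instrument; everything in the entry-point component is filtered out.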

DOI
https://doi.org/10.1007/978-3-319-23829-6_31