To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.
App updates and repackaging are recurrent in the Android ecosystem, filling markets with similar apps that must be identified. Despite the existence of several approaches to improving the scalability of detecting repackaged/cloned apps, researchers and practitioners are eventually faced with the need for a comprehensive pairwise comparison (or simultaneously multiple app comparisons) to understand and validate the similarities among apps. In this work, we present the design and implementation of our research-based prototype tool called SimiDroid for multi-level similarity comparison of Android apps. SimiDroid is built with the aim to support the comprehension of similarities/changes among app versions and among repackaged apps. In particular, we demonstrate the need and usefulness of such a framework based on different case studies implementing different dissection scenarios for revealing various insights on how repackaged apps are built. We further show that the similarity comparison plugins implemented in SimiDroid yield more accurate results than the state of the art.
Funding: the Luxembourg National Research Fund (FNR), Luxembourg, under Grant Nos. CHARACTERIZE C17/IS/11693861 and Recommend C15/IS/10449467; the National Natural Science Foundation of China under Grant No. 61702045; the Beijing University of Posts and Telecommunications (BUPT) Youth Research and Innovation Program of China under Grant No. 2017RC40.