On Locating Malicious Code in Piggybacked Android Apps |
| |
Authors: | Li Li Daoyuan Li Tegawendé F. Bissyandé Jacques Klein Haipeng Cai David Lo Yves Le Traon |
| |
Affiliation: | 1.Interdisciplinary Centre for Security, Reliability and Trust,University of Luxembourg,Luxembourg,Luxembourg;2.School of Electrical Engineering and Computer Science,Washington State University,Washington,U.S.A.;3.School of Information Systems,Singapore Management University,Singapore,Singapore |
| |
Abstract: | To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|