DOI: 10.1145/2897073.2897707
invited-talk

Pinpointing mobile malware using code analysis

Published: 14 May 2016

Abstract

Mobile malware has recently become an acute problem. Existing solutions either base static reasoning on syntactic properties, such as exception handlers or configuration fields, or compute data-flow reachability over the program, which leads to scalability challenges.
We explore a new and complementary category of features, which strikes a middle ground between the above two categories. This new category focuses on security-relevant operations (communication, lifecycle, etc.), and in particular their multiplicity and happens-before order, as a means to distinguish between malicious and benign applications. Computing these features requires semantic, yet lightweight, modeling of the program's behavior.
We have created a malware detection system for Android, MassDroid, that collects traces of security-relevant operations from the call graph via a scalable form of data-flow analysis. These are reduced to happens-before and multiplicity features, then fed into a supervised learning engine to obtain a malicious/benign classification. MassDroid also embodies a novel reporting interface, containing pointers into the code that serve as evidence supporting the determination.
We have applied MassDroid to 35,000 Android apps from the wild. The results are highly encouraging with an F-score of 95% in standard testing, and >90% when applied to previously unseen malware signatures. MassDroid is also efficient, requiring about two minutes per app. MassDroid is publicly available as a cloud service for malware detection.
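
An added illustration of the multiplicity and happens-before features described in the abstract (not MassDroid's code): the trace format, the `identity` category, the feature names and the code locations are assumptions, and the sample traces are constructed. It shows two apps with identical operation counts that differ only in ordering, and keeps a pair of code locations as evidence for each ordering feature.

```python
from collections import Counter
from itertools import combinations

# Constructed sample traces. Each trace is the ordered list of security-relevant
# operations along one path; each operation is (category, code location).
# Categories other than "communication" and "lifecycle" are assumptions.
APP_A = [[("lifecycle", "Main.onCreate:12"),
          ("identity", "Main.readId:30"),
          ("communication", "Net.post:8")]]
APP_B = [[("lifecycle", "Main.onCreate:12"),
          ("communication", "Net.post:8"),
          ("identity", "Main.readId:30")]]


def extract_features(traces):
    """Return (features, evidence) for one app.

    features: "mult:<cat>"  -> occurrence count over all traces
              "hb:<a><<b>"  -> 1 if some trace has an <a> operation before a <b> one
    evidence: happens-before feature -> first pair of code locations witnessing it
    """
    counts = Counter()
    evidence = {}
    for trace in traces:
        counts.update(cat for cat, _ in trace)
        # combinations() preserves trace order: the first element of each
        # pair always occurs earlier in the trace than the second.
        for (cat1, loc1), (cat2, loc2) in combinations(trace, 2):
            evidence.setdefault(f"hb:{cat1}<{cat2}", (loc1, loc2))
    features = {f"mult:{cat}": n for cat, n in counts.items()}
    features.update({name: 1 for name in evidence})
    return features, evidence


def multiplicity_only(features):
    """Keep just the count features, dropping the ordering features."""
    return {k: v for k, v in features.items() if k.startswith("mult:")}


def to_vector(features, vocabulary):
    """Project a feature dict onto a fixed, ordered vocabulary for a classifier."""
    return [features.get(name, 0) for name in vocabulary]


if __name__ == "__main__":
    fa, ev_a = extract_features(APP_A)
    fb, _ = extract_features(APP_B)
    print(multiplicity_only(fa) == multiplicity_only(fb))  # counts alone cannot separate them
    print(sorted(set(fa) ^ set(fb)))                       # features that differ by order only
    print(ev_a["hb:identity<communication"])               # evidence pointer pair
```

Vectors produced by `to_vector` over a shared vocabulary are the kind of input a supervised learner such as an SVM would consume.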

Cited By

  • (2020) Assessing and Improving Malware Detection Sustainability through App Evolution Studies. ACM Transactions on Software Engineering and Methodology 29:2 (1-28). DOI: 10.1145/3371924. Online publication date: 4-Mar-2020

Published In

MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems
May 2016
326 pages
ISBN: 9781450341783
DOI: 10.1145/2897073
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. classification
  2. machine learning
  3. malware detection
  4. static analysis
  5. trace features

Qualifiers

  • Invited-talk

Conference

ICSE '16