Static Method to Locate Risky Features in Android Applications

2023 2nd Edition of IEEE Delhi Section Flagship Conference (DELCON) Pub Date : 2023-02-24 DOI:10.1109/DELCON57910.2023.10127577

Vaibhav Khullar, Tanya Gera, Tanya Mehta

{"title":"Static Method to Locate Risky Features in Android Applications","authors":"Vaibhav Khullar, Tanya Gera, Tanya Mehta","doi":"10.1109/DELCON57910.2023.10127577","DOIUrl":null,"url":null,"abstract":"Over the past many years, there’s been an exponential development in the number of Android phone users across the world. Allowing for the exchange of real-time data and information that may revolutionize people’s lives. However, this provided an edge to hackers as well. They distribute thousands of malware apps to steal people’s data and make money. They employ reverse engineering to launch their harmful programs at the victim. Android application developers make every effort to avoid copying. But hackers always come up with various different attacks, techniques, and tools to avoid the identification of malware by anti-malware software. Android’s operating system is vulnerable to a variety of security exploits and weaknesses due to security flaws. In this article, we have devised a simple yet prominent strategy to extract the top risky features used by suspicious applications. Our research shows that the bulk of current research makes use of different designs, data sources, and approaches, including static, dynamic, and hybrid. Static analysis will be used in this article to identify the security vulnerabilities and risks in mobile applications. We have used a dataset of around 3000 applications and carried out a methodical investigation of it. Existing studies focus heavily on the safety of smartphone operating systems. We feel, however, that there is a need for detailed coverage of Android security issues, including the proliferation of malware, the investigation of anti-analysis tactics, and the analysis of current detection procedures. In this study, we cover topics such as Android’s security enforcement systems, threats to those mechanisms, associated difficulties, the evolution of malware from 2019 to 2022, and the cover tactics malware developers use to avoid detection. This study sheds light on the benefits and drawbacks of existing research methods and offers academics and practitioners a starting point for developing innovative approaches to Android malware detection, analysis, and protection.","PeriodicalId":193577,"journal":{"name":"2023 2nd Edition of IEEE Delhi Section Flagship Conference (DELCON)","volume":"319 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 2nd Edition of IEEE Delhi Section Flagship Conference (DELCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DELCON57910.2023.10127577","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Over the past many years, there’s been an exponential development in the number of Android phone users across the world. Allowing for the exchange of real-time data and information that may revolutionize people’s lives. However, this provided an edge to hackers as well. They distribute thousands of malware apps to steal people’s data and make money. They employ reverse engineering to launch their harmful programs at the victim. Android application developers make every effort to avoid copying. But hackers always come up with various different attacks, techniques, and tools to avoid the identification of malware by anti-malware software. Android’s operating system is vulnerable to a variety of security exploits and weaknesses due to security flaws. In this article, we have devised a simple yet prominent strategy to extract the top risky features used by suspicious applications. Our research shows that the bulk of current research makes use of different designs, data sources, and approaches, including static, dynamic, and hybrid. Static analysis will be used in this article to identify the security vulnerabilities and risks in mobile applications. We have used a dataset of around 3000 applications and carried out a methodical investigation of it. Existing studies focus heavily on the safety of smartphone operating systems. We feel, however, that there is a need for detailed coverage of Android security issues, including the proliferation of malware, the investigation of anti-analysis tactics, and the analysis of current detection procedures. In this study, we cover topics such as Android’s security enforcement systems, threats to those mechanisms, associated difficulties, the evolution of malware from 2019 to 2022, and the cover tactics malware developers use to avoid detection. This study sheds light on the benefits and drawbacks of existing research methods and offers academics and practitioners a starting point for developing innovative approaches to Android malware detection, analysis, and protection.

查看原文本刊更多论文

Android应用中危险特性的静态定位方法

在过去的许多年里，全球的Android手机用户数量呈指数级增长。允许实时数据和信息的交换，这可能会彻底改变人们的生活。然而，这也为黑客提供了优势。他们分发成千上万的恶意软件来窃取人们的数据并赚钱。他们利用逆向工程向受害者启动有害程序。Android应用程序开发人员尽一切努力避免复制。但是黑客总是想出各种不同的攻击、技术和工具来避免被反恶意软件识别。由于存在安全漏洞，Android操作系统容易受到各种安全漏洞的攻击。在本文中，我们设计了一个简单而突出的策略来提取可疑应用程序使用的最危险的特征。我们的研究表明，当前的大部分研究使用了不同的设计、数据源和方法，包括静态、动态和混合。本文将使用静态分析来识别移动应用程序中的安全漏洞和风险。我们使用了大约3000个应用程序的数据集，并对其进行了系统的调查。现有的研究主要集中在智能手机操作系统的安全性上。然而，我们认为有必要详细报道Android安全问题，包括恶意软件的扩散，反分析策略的调查，以及对当前检测程序的分析。在本研究中，我们涵盖的主题包括Android的安全执行系统、对这些机制的威胁、相关困难、恶意软件从2019年到2022年的演变，以及恶意软件开发人员用来避免检测的掩护策略。本研究揭示了现有研究方法的优点和缺点，并为开发Android恶意软件检测、分析和保护的创新方法提供了学者和从业者的起点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 2nd Edition of IEEE Delhi Section Flagship Conference (DELCON)

自引率

0.00%

发文量