Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments

Siegfried Rasthofer, Steven Arzt, S. Triller, Michael Pradel
{"title":"Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments","authors":"Siegfried Rasthofer, Steven Arzt, S. Triller, Michael Pradel","doi":"10.1109/ICSE.2017.35","DOIUrl":null,"url":null,"abstract":"Android applications, or apps, provide useful features to end-users, but many apps also contain malicious behavior. Modern malware makes understanding such behavior challenging by behaving maliciously only under particular conditions. For example, a malware app may check whether it runs on a real device and not an emulator, in a particular country, and alongside a specific target app, such as a vulnerable banking app. To observe the malicious behavior, a security analyst must find out and emulate all these app-specific constraints. This paper presents FuzzDroid, a framework for automatically generating an Android execution environment where an app exposes its malicious behavior. The key idea is to combine an extensible set of static and dynamic analyses through a search-based algorithm that steers the app toward a configurable target location. On recent malware, the approach reaches the target location in 75% of the apps. In total, we reach 240 code locations within an average time of only one minute. To reach these code locations, FuzzDroid generates 106 different environments, too many for a human analyst to create manually.","PeriodicalId":6505,"journal":{"name":"2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)","volume":"17 1","pages":"300-311"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"54","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSE.2017.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 54

Abstract

Android applications, or apps, provide useful features to end-users, but many apps also contain malicious behavior. Modern malware makes understanding such behavior challenging by behaving maliciously only under particular conditions. For example, a malware app may check whether it runs on a real device and not an emulator, in a particular country, and alongside a specific target app, such as a vulnerable banking app. To observe the malicious behavior, a security analyst must find out and emulate all these app-specific constraints. This paper presents FuzzDroid, a framework for automatically generating an Android execution environment where an app exposes its malicious behavior. The key idea is to combine an extensible set of static and dynamic analyses through a search-based algorithm that steers the app toward a configurable target location. On recent malware, the approach reaches the target location in 75% of the apps. In total, we reach 240 code locations within an average time of only one minute. To reach these code locations, FuzzDroid generates 106 different environments, too many for a human analyst to create manually.
使Malory行为恶意:Android执行环境的目标模糊
Android应用程序为最终用户提供了有用的功能,但许多应用程序也包含恶意行为。现代恶意软件只有在特定条件下才会表现出恶意行为,因此很难理解这种行为。例如,恶意软件应用程序可能会检查它是否在特定国家的真实设备上运行,而不是在模拟器上运行,并与特定的目标应用程序(如易受攻击的银行应用程序)一起运行。为了观察恶意行为,安全分析师必须找出并模拟所有这些特定于应用程序的约束。本文介绍了FuzzDroid,一个用于自动生成Android执行环境的框架,其中应用程序暴露其恶意行为。其关键思想是通过基于搜索的算法将一组可扩展的静态和动态分析结合起来,从而将应用程序引导到可配置的目标位置。在最近的恶意软件中,这种方法可以在75%的应用程序中到达目标位置。总的来说,我们在平均一分钟的时间内到达了240个代码位置。为了到达这些代码位置,FuzzDroid生成106个不同的环境,对于人工分析师来说,手动创建的环境太多了。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信