{"title":"“是否要安装此应用程序的更新?”对更新的Android应用程序的严格分析","authors":"A. Aysan, Sevil Şen","doi":"10.1109/CSCloud.2015.97","DOIUrl":null,"url":null,"abstract":"Attackers have been searching for security vulnerabilities in Android applications to exploit. One of these security vulnerabilities is that Android applications could load codes at runtime. This helps attackers to avoid being detected by static analysis tools. In this study, we have done a rigorous analysis to see how attackers employ updating techniques in order to exploit this vulnerability, and to assess the security risks of applications using these techniques in the markets. A comprehensive analysis is carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Both static and dynamic analysis techniques are employed to monitor malicious activities in such applications. As a result, we found 70 new malicious applications from Google Play. Our work is the first study which monitors updating behaviours of applications during their execution. This analysis allows us to analyse suspicious applications deeply and to develop better security solutions.","PeriodicalId":278090,"journal":{"name":"2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing","volume":"60 1-2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"\\\"Do You Want to Install an Update of This Application?\\\" A Rigorous Analysis of Updated Android Applications\",\"authors\":\"A. Aysan, Sevil Şen\",\"doi\":\"10.1109/CSCloud.2015.97\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attackers have been searching for security vulnerabilities in Android applications to exploit. One of these security vulnerabilities is that Android applications could load codes at runtime. This helps attackers to avoid being detected by static analysis tools. In this study, we have done a rigorous analysis to see how attackers employ updating techniques in order to exploit this vulnerability, and to assess the security risks of applications using these techniques in the markets. A comprehensive analysis is carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Both static and dynamic analysis techniques are employed to monitor malicious activities in such applications. As a result, we found 70 new malicious applications from Google Play. Our work is the first study which monitors updating behaviours of applications during their execution. This analysis allows us to analyse suspicious applications deeply and to develop better security solutions.\",\"PeriodicalId\":278090,\"journal\":{\"name\":\"2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing\",\"volume\":\"60 1-2\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSCloud.2015.97\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCloud.2015.97","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
"Do You Want to Install an Update of This Application?" A Rigorous Analysis of Updated Android Applications
Attackers have been searching for security vulnerabilities in Android applications to exploit. One of these security vulnerabilities is that Android applications could load codes at runtime. This helps attackers to avoid being detected by static analysis tools. In this study, we have done a rigorous analysis to see how attackers employ updating techniques in order to exploit this vulnerability, and to assess the security risks of applications using these techniques in the markets. A comprehensive analysis is carried out on nearly 30,000 applications collected from three different Android markets and two malware datasets. Both static and dynamic analysis techniques are employed to monitor malicious activities in such applications. As a result, we found 70 new malicious applications from Google Play. Our work is the first study which monitors updating behaviours of applications during their execution. This analysis allows us to analyse suspicious applications deeply and to develop better security solutions.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
