Nils Scheidweiler, André Schäfer, W. Amme, Thomas S. Heinze
2021 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C), published 2021-09-01. DOI: 10.1109/ACSOS-C52956.2021.00063 (https://doi.org/10.1109/ACSOS-C52956.2021.00063)
Using Clone Detection for Finding Signatures of Malware Families: A Case Study on FinSpy
Code reuse is a frequent practice in malware development and finding code similar to known malware can thus be a promising strategy for malware detection. In this paper, we analyze the use of the clone detector StoneDetector for finding Android malware. To this end, signatures of known malware are generated and used to look for suspicious code fragments in Android APK packages. Feasibility of the approach is shown for a case study on samples of the FinSpy malware family.