Hiroki Inayoshi, S. Kakei, Eiji Takimoto, Koichi Mouri, S. Saito
Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021-08-16. DOI: 10.1145/3465481.3465759 (https://doi.org/10.1145/3465481.3465759)
VTDroid: Value-based Tracking for Overcoming Anti-Taint-Analysis Techniques in Android Apps
Bytecode-level taint tracking discovers suspicious apps on the Android platform; however, malicious apps can bypass it by transferring information via Android's system layers. A context tainting countermeasure has been devised, but since it employs a list of flow-causing API methods, it will miss flows when unlisted methods are exploited and can also produce false positives. This paper presents a new taint-tracking technique that performs value logging and matching based on the flows’ characteristics to detect such flows without relying on lists of API methods. We implemented it in our taint-tracking system, called VTDroid, and confirmed its effectiveness with our test suite. We also evaluated it with popular apps collected from Google Play. The results show that the precision of VTDroid is 37 points higher than that of context tainting.