Hugo Gonzalez, A. A. Kadir, Natalia Stakhanova, Abdullah J. Alzahrani, A. Ghorbani
{"title":"探索Android应用程序中的逆向工程症状","authors":"Hugo Gonzalez, A. A. Kadir, Natalia Stakhanova, Abdullah J. Alzahrani, A. Ghorbani","doi":"10.1145/2751323.2751330","DOIUrl":null,"url":null,"abstract":"The appearance of the Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Leveraging openness of Android app markets and the lack of security testing, malware authors commonly plagiarize Android applications (e.g., through code reuse and repackaging) boosting the amount of malware on the markets and consequently the infection rate. In this study, we present AndroidSOO, a lightweight approach for the detection of repackaging symptoms on Android apps. In this work, we introduce and explore novel and easily extractable attribute called String Offset Order. Extractable from string identifiers list in the .dex file, the method is able to pinpoint symptoms of reverse engineered Android apps without the need for complex further analysis. We performed extensive evaluation of String Order metric to assess its capabilities on datasets made available by three recent studies: Android Malware Genome Project, DroidAnalytics and Drebin. We also performed a large-scale study of over 5,000 Android applications extracted from Google Play market and over 80 000 samples from Virus Total service.","PeriodicalId":123258,"journal":{"name":"Proceedings of the Eighth European Workshop on System Security","volume":"326 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"36","resultStr":"{\"title\":\"Exploring reverse engineering symptoms in Android apps\",\"authors\":\"Hugo Gonzalez, A. A. Kadir, Natalia Stakhanova, Abdullah J. Alzahrani, A. Ghorbani\",\"doi\":\"10.1145/2751323.2751330\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The appearance of the Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Leveraging openness of Android app markets and the lack of security testing, malware authors commonly plagiarize Android applications (e.g., through code reuse and repackaging) boosting the amount of malware on the markets and consequently the infection rate. In this study, we present AndroidSOO, a lightweight approach for the detection of repackaging symptoms on Android apps. In this work, we introduce and explore novel and easily extractable attribute called String Offset Order. Extractable from string identifiers list in the .dex file, the method is able to pinpoint symptoms of reverse engineered Android apps without the need for complex further analysis. We performed extensive evaluation of String Order metric to assess its capabilities on datasets made available by three recent studies: Android Malware Genome Project, DroidAnalytics and Drebin. We also performed a large-scale study of over 5,000 Android applications extracted from Google Play market and over 80 000 samples from Virus Total service.\",\"PeriodicalId\":123258,\"journal\":{\"name\":\"Proceedings of the Eighth European Workshop on System Security\",\"volume\":\"326 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"36\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Eighth European Workshop on System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2751323.2751330\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Eighth European Workshop on System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2751323.2751330","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploring reverse engineering symptoms in Android apps
The appearance of the Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Leveraging openness of Android app markets and the lack of security testing, malware authors commonly plagiarize Android applications (e.g., through code reuse and repackaging) boosting the amount of malware on the markets and consequently the infection rate. In this study, we present AndroidSOO, a lightweight approach for the detection of repackaging symptoms on Android apps. In this work, we introduce and explore novel and easily extractable attribute called String Offset Order. Extractable from string identifiers list in the .dex file, the method is able to pinpoint symptoms of reverse engineered Android apps without the need for complex further analysis. We performed extensive evaluation of String Order metric to assess its capabilities on datasets made available by three recent studies: Android Malware Genome Project, DroidAnalytics and Drebin. We also performed a large-scale study of over 5,000 Android applications extracted from Google Play market and over 80 000 samples from Virus Total service.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
