{"title":"通过记录和分析应用程序的执行日志,使用反射检测可疑的分支语句","authors":"Sumin Lee, Minho Park, Jiman Hong","doi":"10.30693/smj.2023.12.5.58","DOIUrl":null,"url":null,"abstract":"In Logic Bomb, the conditions of branch statements that trigger malicious behavior cannot be detected in advance, making Android malicious app analysis difficult. Various studies have been conducted to detect potentially suspicious branch statements that can be logic bombs and triggers, but suspicious branch statements cannot be properly detected in apps that contain information determined at runtime, such as reflection. In this paper, we propose a tool that can detect suspicious branch statements even when reflection is used in Android apps. It works through recording app execution logs and analyzing the recorded log). The proposed tool can check the relationship between the called method and the branch statement by recording and analyzing the user-defined methods, Java APIs called and method information called through reflection, and branch information in the log while the Android app is running. Experimental results show that suspicious branch statements can be detected even in apps where reflection is used.","PeriodicalId":249252,"journal":{"name":"Korean Institute of Smart Media","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting suspicious branch statements through recording and analyzing execution logs of apps using reflection\",\"authors\":\"Sumin Lee, Minho Park, Jiman Hong\",\"doi\":\"10.30693/smj.2023.12.5.58\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In Logic Bomb, the conditions of branch statements that trigger malicious behavior cannot be detected in advance, making Android malicious app analysis difficult. Various studies have been conducted to detect potentially suspicious branch statements that can be logic bombs and triggers, but suspicious branch statements cannot be properly detected in apps that contain information determined at runtime, such as reflection. In this paper, we propose a tool that can detect suspicious branch statements even when reflection is used in Android apps. It works through recording app execution logs and analyzing the recorded log). The proposed tool can check the relationship between the called method and the branch statement by recording and analyzing the user-defined methods, Java APIs called and method information called through reflection, and branch information in the log while the Android app is running. Experimental results show that suspicious branch statements can be detected even in apps where reflection is used.\",\"PeriodicalId\":249252,\"journal\":{\"name\":\"Korean Institute of Smart Media\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Korean Institute of Smart Media\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30693/smj.2023.12.5.58\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Korean Institute of Smart Media","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30693/smj.2023.12.5.58","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting suspicious branch statements through recording and analyzing execution logs of apps using reflection
In Logic Bomb, the conditions of branch statements that trigger malicious behavior cannot be detected in advance, making Android malicious app analysis difficult. Various studies have been conducted to detect potentially suspicious branch statements that can be logic bombs and triggers, but suspicious branch statements cannot be properly detected in apps that contain information determined at runtime, such as reflection. In this paper, we propose a tool that can detect suspicious branch statements even when reflection is used in Android apps. It works through recording app execution logs and analyzing the recorded log). The proposed tool can check the relationship between the called method and the branch statement by recording and analyzing the user-defined methods, Java APIs called and method information called through reflection, and branch information in the log while the Android app is running. Experimental results show that suspicious branch statements can be detected even in apps where reflection is used.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
