Apposcopy:通过静态分析基于语义的Android恶意软件检测

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering Pub Date : 2014-11-11 DOI:10.1145/2635868.2635869

Yu Feng, Saswat Anand, Işıl Dillig, A. Aiken

{"title":"Apposcopy:通过静态分析基于语义的Android恶意软件检测","authors":"Yu Feng, Saswat Anand, Işıl Dillig, A. Aiken","doi":"10.1145/2635868.2635869","DOIUrl":null,"url":null,"abstract":"We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.","PeriodicalId":250543,"journal":{"name":"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"447","resultStr":"{\"title\":\"Apposcopy: semantics-based detection of Android malware through static analysis\",\"authors\":\"Yu Feng, Saswat Anand, Işıl Dillig, A. Aiken\",\"doi\":\"10.1145/2635868.2635869\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.\",\"PeriodicalId\":250543,\"journal\":{\"name\":\"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"447\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2635868.2635869\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2635868.2635869","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 447

摘要

我们提出Apposcopy，一种新的基于语义的方法，用于识别窃取私人用户信息的Android恶意软件的流行类别。Apposcopy包含(i)用于指定描述恶意软件家族语义特征的签名的高级语言，以及(ii)用于确定给定应用程序是否与恶意软件签名匹配的静态分析。Apposcopy的签名匹配算法结合了静态污点分析和称为组件间调用图的新形式的程序表示，以有效地检测具有某些控制和数据流属性的Android应用程序。我们已经在真实的Android应用程序语库上对Apposcopy进行了评估，并表明它可以有效可靠地定位属于某些恶意软件家族的恶意应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Apposcopy: semantics-based detection of Android malware through static analysis

We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

自引率

0.00%

发文量