自动定位恶意软件包在搭载Android应用程序

2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft) Pub Date : 2017-05-01 DOI:10.1109/MOBILESoft.2017.6

Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, D. Lo, Yves Le Traon

{"title":"自动定位恶意软件包在搭载Android应用程序","authors":"Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, D. Lo, Yves Le Traon","doi":"10.1109/MOBILESoft.2017.6","DOIUrl":null,"url":null,"abstract":"To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy of 83.6% in verifying the top five reported items.","PeriodicalId":281934,"journal":{"name":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"Automatically Locating Malicious Packages in Piggybacked Android Apps\",\"authors\":\"Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, D. Lo, Yves Le Traon\",\"doi\":\"10.1109/MOBILESoft.2017.6\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy of 83.6% in verifying the top five reported items.\",\"PeriodicalId\":281934,\"journal\":{\"name\":\"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MOBILESoft.2017.6\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBILESoft.2017.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

摘要

为了设计有效的方法和工具来检测Android生态系统中的恶意软件包，研究人员越来越需要对恶意软件有深入的了解。因此，有必要提供一个框架来剖析恶意软件，并在应用程序代码中定位恶意程序片段，以便建立一个全面的恶意样本数据集。为了解决这一需求，我们在这项工作中提出了一种基于工具的方法，称为HookRanker，它根据恶意软件行为代码的触发方式提供潜在恶意软件包的排名列表。通过对搭载应用程序的地面真相集进行实验，我们能够自动定位搭载Android应用程序的恶意软件包，在验证前5个报告项目方面的准确率为83.6%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automatically Locating Malicious Packages in Piggybacked Android Apps

To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy of 83.6% in verifying the top five reported items.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)

自引率

0.00%

发文量