On Locating Malicious Code in Piggybacked Android Apps
Journal of Computer Science and Technology
Journal of Computer Science and Technology 2017, Vol. 32 Issue (6) :1108-1124    DOI: 10.1007/s11390-017-1786-z
Special Section on Software Systems 2017
On Locating Malicious Code in Piggybacked Android Apps
Li Li1, Daoyuan Li1, Tegawendé F. Bissyandé1, Jacques Klein1, Haipeng Cai2, Member, ACM, IEEE, David Lo3, Yves Le Traon1
1 Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg 2721, Luxembourg;
2 School of Electrical Engineering and Computer Science, Washington State University, Washington, WA 99163, U.S.A.;
3 School of Information Systems, Singapore Management University, Singapore 178902, Singapore

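Abstract (Chinese-language version): To design effective methods and tools for detecting malicious code in the Android ecosystem, researchers increasingly need an in-depth understanding of malware behaviour. Industry, academia and research institutions therefore need a framework for dissecting malware that can locate malicious code fragments within application code, so that a dataset of malicious code samples can be built. To meet this need, we designed and implemented a tool called HookRanker. The tool infers potential entry points of malicious code by learning how malicious code is triggered. Experiments show that, when the top five recommended malicious code entry points are considered, HookRanker automatically locates malicious code in repackaged Android apps with an accuracy of 83.6% for malicious code triggered through traditional code invocation and 82.2% for malicious code triggered through Android inter-component communication.
Keywords: Android, repackaged app, malicious code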
Abstract: To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.
Keywords: Android, piggybacked app, malicious code, HookRanker
Received 2017-04-20
Funding:

This work was supported by the Fonds National de la Recherche (FNR), Luxembourg under projects AndroMap C13/IS/5921289 and Recommend C15/IS/10449467.

About author: Li Li is a research associate at Interdisciplinary Center for Security, Reliability and Trust (SnT), University of Luxembourg, Luxembourg, and an honorary research associate at the CREST group, University College London, London.
Cite this article:
Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon. On Locating Malicious Code in Piggybacked Android Apps[J]. Journal of Computer Science and Technology, 2017, V32(6): 1108-1124
Link to this article:
http://jcst.ict.ac.cn:8080/jcst/CN/10.1007/s11390-017-1786-z