On Locating Malicious Code in Piggybacked Android Apps
Journal of Computer Science and Technology
Journal of Computer Science and Technology 2017, Vol. 32 Issue (6) :1108-1124    DOI: 10.1007/s11390-017-1786-z
Special Section on Software Systems
Li Li¹, Daoyuan Li¹, Tegawendé F. Bissyandé¹, Jacques Klein¹, Haipeng Cai², Member, ACM, IEEE, David Lo³, Yves Le Traon¹
¹ Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg 2721, Luxembourg
² School of Electrical Engineering and Computer Science, Washington State University, Washington, WA 99163, U.S.A.
³ School of Information Systems, Singapore Management University, Singapore 178902, Singapore

Abstract: To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for packages that are triggered through method invocations and an accuracy@5 of 82.2% for packages that are triggered independently.
Keywords: Android, piggybacked app, malicious code, HookRanker
Received: 2017-04-20

This work was supported by the Fonds National de la Recherche (FNR), Luxembourg under projects AndroMap C13/IS/5921289 and Recommend C15/IS/10449467.

About author: Li Li is a research associate at Interdisciplinary Center for Security, Reliability and Trust (SnT), University of Luxembourg, Luxembourg, and an honorary research associate at the CREST group, University College London, London.
Cite this article:
Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon. On Locating Malicious Code in Piggybacked Android Apps [J]. Journal of Computer Science and Technology, 2017, V32(6): 1108-1124