On locating malicious code in piggybacked Android apps
To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app co...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3914 https://ink.library.smu.edu.sg/context/sis_research/article/4916/viewcontent/101007_2Fs11390_017_1786_z.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4916 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-49162020-01-16T00:42:50Z On locating malicious code in piggybacked Android apps LI, Li LI, Daoyuan BISSYANDE, Tegawende F. KLEIN, Jacques CAI, Haipeng LO, David LE TRAON, Yves To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently. 2017-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3914 info:doi/10.1007/s11390-017-1786-z https://ink.library.smu.edu.sg/context/sis_research/article/4916/viewcontent/101007_2Fs11390_017_1786_z.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android piggybacked app malicious code HookRanker Programming Languages and Compilers Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Android piggybacked app malicious code HookRanker Programming Languages and Compilers Software Engineering |
| spellingShingle |
Android piggybacked app malicious code HookRanker Programming Languages and Compilers Software Engineering LI, Li LI, Daoyuan BISSYANDE, Tegawende F. KLEIN, Jacques CAI, Haipeng LO, David LE TRAON, Yves On locating malicious code in piggybacked Android apps |
| description |
To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently. |
| format |
text |
| author |
LI, Li LI, Daoyuan BISSYANDE, Tegawende F. KLEIN, Jacques CAI, Haipeng LO, David LE TRAON, Yves |
| author_facet |
LI, Li LI, Daoyuan BISSYANDE, Tegawende F. KLEIN, Jacques CAI, Haipeng LO, David LE TRAON, Yves |
| author_sort |
LI, Li |
| title |
On locating malicious code in piggybacked Android apps |
| title_short |
On locating malicious code in piggybacked Android apps |
| title_full |
On locating malicious code in piggybacked Android apps |
| title_fullStr |
On locating malicious code in piggybacked Android apps |
| title_full_unstemmed |
On locating malicious code in piggybacked Android apps |
| title_sort |
on locating malicious code in piggybacked android apps |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/3914 https://ink.library.smu.edu.sg/context/sis_research/article/4916/viewcontent/101007_2Fs11390_017_1786_z.pdf |
| _version_ |
1770573934738014208 |