Apposcopy: semantics-based detection of Android malware through static analysis

Yu, Feng; Anand, Sandeep; Dillig, Işıl; Aiken, Alex

doi:10.1145/2635868.2635869

Cited by 348 publications

(193 citation statements)

References 28 publications

Supporting

Mentioning

193

Contrasting

Order By: Relevance

“…Gascon et al [12] make use of embedded call graphs to build a malware detector. Other approaches [1], [4], [8], [11], [28] that rely on static or dynamic analysis also provide possible features for malware detection. Those features, along with the features we studied in this paper, could be combined to perform more accurate malware detection.…”

Section: Related Workmentioning

confidence: 99%

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Allix

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

Abstract-We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.

show abstract

Section: Related Workmentioning

confidence: 99%

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Allix

et al. 2015

2015 IEEE International Conference on Software Quality, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Apposcopy [19] identifies class of Android malware using a semantic-based approach, it uses static taint analysis and a call graph inter components; authors evaluate their solution with 1027 malware obtaining an accuracy of 90%.…”

Section: Also Liangboonprakong and Colleaguesmentioning

confidence: 99%

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

Canfora

Lorenzo

Medvet

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-With the wide diffusion of smartphones and their usage in a plethora of processes and activities, these devices have been handling an increasing variety of sensitive resources. Attackers are hence producing a large number of malware applications for Android (the most spread mobile platform), often by slightly modifying existing applications, which results in malware being organized in families.Some works in the literature showed that opcodes are informative for detecting malware, not only in the Android platform. In this paper, we investigate if frequencies of ngrams of opcodes are effective in detecting Android malware and if there is some significant malware family for which they are more or less effective. To this end, we designed a method based on state-of-the-art classifiers applied to frequencies of opcodes ngrams. Then, we experimentally evaluated it on a recent dataset composed of 11120 applications, 5560 of which are malware belonging to several different families.Results show that an accuracy of 97% can be obtained on the average, whereas perfect detection rate is achieved for more than one malware family.

show abstract

“…Zhang et al [47] propose a dynamic analysis based on permission use to detect malicious applications. Feng et al [48] and Zhang et al [49] propose semantics-aware static analyses of applications so as to defeat malware obfuscation attacks such as those proposed by Rastogi et al [50]. All these malware detection and analysis approaches are complementary to our methodology and can be incorporated in it to enhance our detection capabilities.…”

Section: Malware Analysis and Detectionmentioning

confidence: 99%

Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces

Rastogi¹,

Shao²,

Chen³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Mobile users are increasingly becoming targets of malware infections and scams. Some platforms, such as Android, are more open than others and are therefore easier to exploit than other platforms. In order to curb such attacks it is important to know how these attacks originate. We take a previously unexplored step in this direction and look for the answer at the interface between mobile apps and the Web. Numerous inapp advertisements work at this interface: when the user taps on an advertisement, she is led to a web page which may further redirect until the user reaches the final destination. Similarly, applications also embed web links that again lead to the outside Web. Even though the original application may not be malicious, the Web destinations that the user visits could play an important role in propagating attacks.In order to study such attacks we develop a systematic methodology consisting of three components related to triggering web links and advertisements, detecting malware and scam campaigns, and determining the provenance of such campaigns reaching the user. We have realized this methodology through various techniques and contributions and have developed a robust, integrated system capable of running continuously without human intervention. We deployed this system for a two-month period and analyzed over 600,000 applications in the United States and in China while triggering a total of about 1.5 million links in applications to the Web. We gain a general understanding of attacks through the app-web interface as well as make several interesting findings, including a rogue antivirus scam, free iPad and iPhone scams, and advertisements propagating SMS trojans disguised as fake movie players. In broader terms, our system enables locating attacks and identifying the parties (such as specific ad networks, websites, and applications) that intentionally or unintentionally let them reach the end users and, thus, increasing accountability from these parties.

show abstract

Apposcopy: semantics-based detection of Android malware through static analysis

Cited by 348 publications

References 28 publications

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection

Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware

Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces

Contact Info

Product

Resources

About