Proceedings 2017 Network and Distributed System Security Symposium 2017
DOI: 10.14722/ndss.2017.23265

Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps

Abstract: Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

Cited by 53 publications (77 citation statements)
References 12 publications
“…We opted to develop a lightweight analysis approach that scales well and is sufficiently robust, similar to the approach used in [27]. Alternative techniques apply machine learning [31,35,38,44], black box differential analysis [9], or traffic signatures [7].…”
Section: Android App Analysis (mentioning)
confidence: 99%
“…We use real Android devices instead of emulated ones to avoid scenarios where apps and third-party libraries detect the analysis environment and modify their behavior accordingly. It has been shown that emulators are easy to fingerprint [47], [57], a fact that is exploited for example by ad libraries to only show ads and leak data when executed on a real device [46].…”
Section: Test Environment (mentioning)
confidence: 99%
“…TriggerScope [26] relies on symbolic execution to detect suspicious triggering conditions of Android apps and check whether the path from the condition leads to a sensitive API. HsoMiner [43] classifies hidden sensitive operations on Android with a set of evasion-specific features. Recently, a report [50] discussed a Chameleon-like malware from Google Play: a multi-stage Android app that hides its malicious activities (i.e., phishing bank service) behind its legitimate-looking UI.…”
Section: Related Work (mentioning)
confidence: 99%