EspyDroid+: Precise reflection analysis of android apps

Gajrani, Jyoti; Agarwal, Umang; Laxmi, Vijay; Bezawada, Bruhadeshwar; Gaur, Manoj Singh; Tripathi, Meenakshi; Zemmari, Akka

doi:10.1016/j.cose.2019.101688

Cited by 21 publications

(16 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ahmed et al [21] have designed a hybrid StaDART malware detection method for dynamic code update features. In another form [22], Gajrani et al have presented a hybrid analysis approach EspyDroid + that incorporates a reflection-guided static slicing (RGSS) method, which helps handle C&C-controlled execution, logic bombs, time bombs, etc. In another study, Ali-Gombe et al [23] designed the hybrid analysis technique named AspectDroid in which 100 malware and 100 benign ware apps were evaluated and achieved 94.68% accuracy.…”

Section: Dynamic Analysismentioning

confidence: 99%

CFSBFDroid: Android Malware Detection Using CFS + Best First Search-Based Feature Selection

Sharma

Agrawal

Kumar

et al. 2022

Mobile Information Systems

View full text Add to dashboard Cite

With the fast development of smartphone technology and mobile applications, the mobile phone has become the most powerful tool to access the Internet and get various services with one click. Meanwhile, susceptibilities of the application are the primary hazard to the security of Android devices. Due to these weaknesses, an attacker can easily hack the confidential data of the mobile phone. The malware application automatically performs fraudulent activities on mobile phones without the user's knowledge. Thus, these attacks are the major threats to the security of mobile phones. To detect malicious applications installed on Android smartphones, we have conducted a study that focuses on permissions and intent-based mechanisms. The study was done in three phases: in the first phase, the dataset was created by extracting intents and permissions from APK files; in the second phase, correlation-based feature selection (CFS) and best first search (BFS) were combined to select the most representative features from the feature space of the extracted dataset; and in the third phase, machine learning (ML) techniques were trained and tested against the preprocessed dataset obtained in the second phase. The accuracy, precision, recall, F1 score, and error metrics of seven machine learning techniques (REPTree, Rule PART, RF, SMO, SGD, MCC, and LMT) were demonstrated over the Android dataset.

show abstract

Section: Dynamic Analysismentioning

confidence: 99%

CFSBFDroid: Android Malware Detection Using CFS + Best First Search-Based Feature Selection

Sharma

Agrawal

Kumar

et al. 2022

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…There are several approaches for app malware detection. Approaches including EspyDroid [20], AndroShield [21], Droidcat [22], and RevealDroid [23] are used as solutions for obfuscation camouflage techniques such as junk code insertion, package renaming, and altering control-flow [24][25][26].…”

Section: Related Workmentioning

confidence: 99%

A Novel Monte-Carlo Simulation-Based Model for Malware Detection (eRBCM)

2021

View full text Add to dashboard Cite

The use of innovative and sophisticated malware definitions poses a serious threat to computer-based information systems. Such malware is adaptive to the existing security solutions and often works without detection. Once malware completes its malicious activity, it self-destructs and leaves no obvious signature for detection and forensic purposes. The detection of such sophisticated malware is very challenging and a non-trivial task because of the malware’s new patterns of exploiting vulnerabilities. Any security solutions require an equal level of sophistication to counter such attacks. In this paper, a novel reinforcement model based on Monte-Carlo simulation called eRBCM is explored to develop a security solution that can detect new and sophisticated network malware definitions. The new model is trained on several kinds of malware and can generalize the malware detection functionality. The model is evaluated using a benchmark set of malware. The results prove that eRBCM can identify a variety of malware with immense accuracy.

show abstract

“…each state satisfies tt and no state satisfies ff (as shown by ( 14) in Table 2); -a state satisfies φ 1 ∨ φ 2 (φ 1 ∧ φ 2 ) if it satisfies φ 1 or (and) φ 2 (as shown by (15) in Table 2). -…”

Section: Model Checking Backgroundmentioning

confidence: 99%

“…We chose ICC attacks since they are the most common ones used to launch colluding interactions, as demonstrated in [14][15][16][17].…”

Section: Introductionmentioning

confidence: 99%

Detecting Colluding Inter-App Communication in Mobile Environment

et al. 2020

View full text Add to dashboard Cite

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed from smartphones and tablets end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication i.e., a colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, by obtaining an accuracy of 1, showing the effectiveness of the proposed method.

show abstract

EspyDroid+: Precise reflection analysis of android apps

Cited by 21 publications

References 6 publications

CFSBFDroid: Android Malware Detection Using CFS + Best First Search-Based Feature Selection

CFSBFDroid: Android Malware Detection Using CFS + Best First Search-Based Feature Selection

A Novel Monte-Carlo Simulation-Based Model for Malware Detection (eRBCM)

Detecting Colluding Inter-App Communication in Mobile Environment

Contact Info

Product

Resources

About