Sound and precise malware analysis for android via pushdown reachability and entry-point saturation

Liang, Shuying; Keep, Andrew W.; Might, Matthew; Lyde, Steven; Gilray, Thomas; Aldous, Peter; Horn, David Van

doi:10.1145/2516760.2516769

Cited by 35 publications

(22 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…C o n te x t-S e n si ti v e F lo w -S e n si ti v e F ie ld -S e n si ti v e O b je c t-S e n si ti v e P a th -S e n si ti v e Anadroid [36] 3 3 3 7 3 Total 30 31 36 15 5 In theory, the more sensitivities considered, the more precise the analysis is. It is thus reasonable to state that only one approach, namely TRESHER [106], achieves high precision by taking into account all sensitivities.…”

Section: Toolmentioning

confidence: 99%

Static analysis of android apps: A systematic literature review

Bissyand

Papadakis

et al. 2017

Information and Software Technology

285

178

View full text Add to dashboard Cite

Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps.Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put and enumerate the key aspects where future researches are still needed.Method: We have performed a systematic literature review which involves studying around 90 research papers published in software engineering, programming languages and security venues. This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed.Results: Our in-depth examination have led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available.Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.

show abstract

Section: Toolmentioning

confidence: 99%

Static analysis of android apps: A systematic literature review

Bissyand

Papadakis

et al. 2017

Information and Software Technology

285

178

View full text Add to dashboard Cite

show abstract

“…The bot samples in our experiment use network connectivity as their main communication means. However, some of them use SMS, not as the main communication means, but just to intercept incoming messages and leak their content to attackers via network traffic (Liang et al 2013;Seo et al 2013).…”

Section: Malicious Applicationsmentioning

confidence: 99%

Evaluation of machine learning classifiers for mobile malware detection

et al. 2014

View full text Add to dashboard Cite

Mobile devices have become a significant part of people's lives, leading to an increasing number of users involved with such technology. The rising number of users invites hackers to generate malicious applications. Besides, the security of sensitive data available on mobile devices is taken lightly. Relying on currently developed approaches is not sufficient, given that intelligent malware keeps modifying rapidly and as a result becomes more difficult to detect. In this paper, we propose an alternative solution to evaluating malware detection using the anomaly-based approach with machine learning classifiers. Among the various network traffic features, the four categories selected are basic information, content based, time based and connection based. The evaluation utilizes two datasets: public (i.e. MalGenome) and private (i.e. self-collected). Based on the evaluation results, both the Bayes network and random forest classifiers produced more accurate readings, with a 99.97 % true-positive rate (TPR) as opposed to the multi-layer perceptron with only 93.03 % on the MalGenome dataset. However, this experiment revealed that the k-nearest neighbor classifier efficiently detected the latest Android malware with an 84.57 % truepositive rate higher than other classifiers. Communicated by V. Loia.

show abstract

“…It is an effective semantic-based abstract interpretation framework to detect maliciousness in Android applications [15]. However, the analysis still suffers from the performance bottleneck originating from the subsumption testing during fixed point computation.…”

Section: Application: Pushdown Control Flow Analysis For Objectmentioning

confidence: 99%

“…The details of this analyzer can be found in [15]. It is the same analyzer we have used in the later evaluation section VIII.…”

Section: Introductionmentioning

confidence: 99%

Fast Flow Analysis with Godel Hashes

Liang

Sun

Might

2014

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation

Self Cite

View full text Add to dashboard Cite

Abstract-Flow analysis, such as control-flow, data-flow, and exception-flow analysis, usually depends on relational operations on flow sets. Unfortunately, set related operations, such as inclusion and equality, are usually very expensive. They can easily take more than 97% of the total analyzing time, even in a very simple analysis. We attack this performance bottleneck by proposing Gödel hashes to enable fast and precise flow analysis. Gödel hashes is an ultra compact, partial-order-preserving, fast and perfect hashing mechanism, inspired by the proofs of Gödel's incompleteness theorems. Compared with array-, tree-, traditional hash-, and bit vector-backed set implementations, we find Gödel hashes to be tens or even hundreds of times faster for performance in the critical operations of inclusion and equality. We apply Gödel hashes in real-world analysis for object-oriented programs. The instrumented analysis is tens of times faster than the one with original data structures on DaCapo benchmarks.

show abstract

Sound and precise malware analysis for android via pushdown reachability and entry-point saturation

Cited by 35 publications

References 30 publications

Static analysis of android apps: A systematic literature review

Static analysis of android apps: A systematic literature review

Evaluation of machine learning classifiers for mobile malware detection

Fast Flow Analysis with Godel Hashes

Contact Info

Product

Resources

About