Static and Dynamic Analysis of Android Malware and Goodware Written with Unity Framework

Shim, Jaewoo; Lim, Kyeonghwan; Cho, Seong-Je; Park, Minkyu

doi:10.1155/2018/6280768

Cited by 11 publications

(3 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another issue in classifying Android malware families is to handle the malicious apps written with cross-platform mobile app development tools such as Unity, Cocos2D, PhoneGap, etc [59], [60]. In these cases, malicious code may be located in the javascript(js) file, or asset or lib folders of an APK, as opposed to the DEX file.…”

Section: Discussionmentioning

confidence: 99%

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

et al. 2022

Self Cite

View full text Add to dashboard Cite

It is important to effectively detect, mitigate, and defend against Android malware attacks, because Android malware has long represented a major threat to Android app security. Characterizing and classifying similar malicious apps into groups plays a particularly crucial role in building a secure Android app ecosystem. The classification of malware families can efficiently enhance the malware detection process and systematically elucidate malware patterns. In this paper, we propose a novel efficient deep learning network with multi-streams for Android malware family classification. We first obtain the input data for a convolutional neural network (CNN) in string format from some main files or sections contained in each Android malicious app. We then classify malware families by applying a 1-dimensional convolution filter-based network for the files or sections. Further, by using gradient analysis to visualize the important files and sections in malicious apps, we attempt to intuitively grasp which files or sections are the most significant for malware family classification. To validate the effectiveness of our approach, we conduct extensive experiments with the well-known DREBIN and AMD malware datasets, and we compare our approach with existing methods. Our experimental results show that the 1D CNN model is more accurate than the 2D CNN model, and that the code_item part in the classes.dex is the most relevant feature for malware classification, as it is more relevant than other parts such as AndroidManifest.xml and certificate. The proposed method achieves the best accuracy of 93.2% by using 1D convolution filters with multistreams for the main files and sections of the malware samples.

show abstract

Section: Discussionmentioning

confidence: 99%

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since most VR apps have been developed based on Unity to render 3D environment, achieve immersive user experience, and collect biometric data, we also review related work as follows. Shim et al [47] proposed a reverse engineering method with a combination of static and dynamic analysis to analyze malicious Unity apps. This tool can be used to analyze the native code of Java, C, C++, and the Mono layer where the C# code runs.…”

Section: Related Workmentioning

confidence: 99%

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

Guo,

Dai,

Luo

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

Although Virtual Reality (VR) has accelerated its prevalent adoption in emerging metaverse applications, it is not a fundamentally new technology. On one hand, most VR operating systems (OS) are based on off-the-shelf mobile OS (e.g., Android). As a result, VR apps also inherit privacy and security deficiencies from conventional mobile apps. On the other hand, in contrast to conventional mobile apps, VR apps can achieve immersive experience via diverse VR devices, such as head-mounted displays, body sensors, and controllers though achieving this requires the extensive collection of privacy-sensitive human biometrics (e.g., hand-tracking and facetracking data). Moreover, VR apps have been typically implemented by 3D gaming engines (e.g., Unity), which also contain intrinsic security vulnerabilities. Inappropriate use of these technologies may incur privacy leaks and security vulnerabilities although these issues have not received significant attention compared to the proliferation of diverse VR apps. In this paper, we develop a security and privacy assessment tool, namely the VR-SP detector for VR apps. The VR-SP detector has integrated program static analysis tools and privacy-policy analysis methods. Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps. We obtain the original apps from the popular Oculus and SideQuest app stores and extract APK files via the Meta Oculus Quest 2 device. We evaluate security vulnerabilities and privacy data leaks of these VR apps by VR app analysis, taint analysis, and privacy-policy analysis. We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps. Moreover, our results also reveal conflicting representations in the privacy policies of these apps and inconsistencies of the actual data collection with

show abstract

“…The detection and analysis model of malicious code consists of two pieces: feature extraction and classification. The current feature extraction method is usually divided into serval types: static analysis [5], [6], dynamic analysis [7], [8], dynamic and static fused analysis [9]- [11], the graphs-based approach [12]- [14] et.…”

Section: Related Workmentioning

confidence: 99%

Android Malware Analysis and Detection Based on Attention-CNN-LSTM

Luo¹,

Liu²,

Li³

et al. 2019

JCP

View full text Add to dashboard Cite

The increasing number of Android malware has made detection and analysis more difficult, aiming to the current malware attacking Android. This paper proposes an Android malware analysis and detection technology based on Attention-CNN-LSTM, which is a types of Multimodel Deep Learning. Selecting open source malware datasets of Drebin for research, extracting texture fingerprint information of Android malware to reflect the similarity of malware binary file blocks, at the same time, in order to improve the detection accuracy, AndroidMainfest.xml is treated as a text document, and its contextual text features are extracted through NLP. Besides, the above two types of features are merged to enhance the expression capability of texture fingerprint information , and Deep Belief Network is used to screen the above features. Above all, the texture fingerprint is processed by one-dimensional serial signal processing, and the end-to-end local correlation features are extracted according to a one-dimensional time-do main convolutional network. At the same time, considering the context relationship of the timing signal for the AndroidMainfest.xml text, combined with the LSTM model with stronger time-series modeling capabilities to analyze and detect the Android malicious code. The experimental results show that the proposed method can detect and analyze malware more effectively.

show abstract

Static and Dynamic Analysis of Android Malware and Goodware Written with Unity Framework

Cited by 11 publications

References 23 publications

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

Efficient Deep Learning Network With Multi-Streams for Android Malware Family Classification

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

Android Malware Analysis and Detection Based on Attention-CNN-LSTM

Contact Info

Product

Resources

About