DroidEcho: an in-depth dissection of malicious behaviors in Android applications
Author affiliations: SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; Nanyang Technological University, Singapore, Singapore; Singapore Institute of Technology, Singapore, Singapore; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Publication: Cybersecurity (Cyberspace Security Science and Technology, English edition)
Year, volume, issue: 2018, Vol. 1, No. 1
Pages: 126-142
Core indexing:
Subject classification: 0810 [Engineering - Information and Communication Engineering]; 1205 [Management - Library, Information and Archives Management]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 0835 [Engineering - Software Engineering]; 0811 [Engineering - Control Science and Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be awarded)]
Funding: Supported in part by National Key R&D Program of China (No. 2016QY04W0805), NSFC U1536106, 61728209, National Top-notch Youth Talents Program of China, Youth Innovation Promotion Association CAS, Beijing Nova Program, and a research grant from Ant Financial; partly supported by International Cooperation Program on CyberSecurity, administered by SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China (No. SNSBBH-2017111036)
Topics: Semantic attack model; Android malware detection; Inter-component communication graph; Privacy leakage
Abstract: A precise representation for attacks can benefit the detection of malware in both accuracy and ***, it is still far from expectation to describe attacks precisely on the Android *** addition, new features on Android, such as communication mechanisms, introduce new challenges and difficulties for attack *** this paper, we propose abstract attack models to precisely capture the semantics of various Android attacks, which include the corresponding targets, involved behaviors as well as their execution ***, we construct a novel graph-based model called the inter-component communication graph (ICCG) to describe the internal control flows and inter-component communications of *** models take into account more communication channels with a maximized preservation of their program *** the guidance of the attack models, we propose a static searching approach to detect attacks hidden in *** reduce false positive rate, we introduce an additional dynamic confirmation step to check whether the detected attacks are false *** show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.