DroidEcho:an in-depth dissection of malicious behaviors in Android applications

作     者：Guozhu Meng Ruitao Feng Guangdong Bai Kai Chen Yang Liu 

作者机构：SKLOISInstitute of Information EngineeringChinese Academy of SciencesBeijingChina Nanyang Technological UniversitySingaporeSingapore Singapore Institute of TechnologySingaporeSingapore School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina 

出 版 物：《Cybersecurity》 (网络空间安全科学与技术（英文）)

年 卷 期：2018年第1卷第1期

页      面：126-142页

核心收录：

学科分类：0810[工学-信息与通信工程] 1205[管理学-图书情报与档案管理] 0839[工学-网络空间安全] 08[工学] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported in part by National Key R&D Program of China(No.2016QY04W0805) NSFC U1536106,61728209 National Top-notch Youth Talents Program of China Youth Innovation Promotion Association CAS Beijing Nova Program and a research grant from Ant Financial partly supported by International Cooperation Program on CyberSecurity,administered by SKLOIS,Institute of Information Engineering,Chinese Academy of Sciences,China(No.SNSBBH-2017111036) 

主　　题：Semantic attack model Android malware detection Inter-component communication graph Privacy leakage 

摘      要：A precise representation for attacks can benefit the detection of malware in both accuracy and ***,it is still far from expectation to describe attacks precisely on the Android *** addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack *** this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution ***,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of *** models take into account more communication channel with a maximized preservation of their program *** the guidance of the attack models,we propose a static searching approach to detect attacks hidden in *** reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false *** show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.