On Locating Malicious Code in Piggybacked Android Apps  被引量：2

作　　者：Li Li Daoyuan Li Tegawende F. Bissyande Jacques Klein Haipeng Cai David Lo Yves Le Traon 

机构地区：[1]Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg 2721, Luxembourg [2]School of Electrical Engineering and Computer Science, Washington State University, Washington, WA 99163, U.S.A. [3]School of Information Systems, Singapore Management University, Singapore 178902, Singapore

出　　处：《Journal of Computer Science & Technology》2017年第6期1108-1124,共17页计算机科学技术学报（英文版）

摘　　要：To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.

关 键 词：ANDROID piggybacked app malicious code HookRanker 

分 类 号：TP0[自动化与计算机技术]