Apposcopy: Semantics-Based Detection of Android Malware through Static Analysis

被引：260

作者：

Feng, Yu ^{[1
]}

Anand, Saswat ^{[2
]}

Dillig, Isil ^{[1
]}

Aiken, Alex ^{[2
]}

机构：

[1] Univ Texas Austin, Austin, TX 78712 USA

[2] Stanford Univ, Stanford, CA 94305 USA

来源：

22ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (FSE 2014) | 2014年

关键词：

Android; Inter-component Call Graph; Taint Analysis;

D O I：

10.1145/2635868.2635869

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.

引用

页码：576 / 587

页数：12

共 35 条

[1]

Aafer Yousra, 2013, SECURECOMM

[2]

[Anonymous], 2012, P 10 INT C MOB SYST

[3]

[Anonymous], 2011, NDSS

[4]

[Anonymous], 2012, Proceedings of the 19th ACM Conference on Computer and Communications Security, DOI DOI 10.1145/2382196.2382223

[5]

[Anonymous], USENIX SEC S

[6]

[Anonymous], 1994, Program analysis and specialization for the C programming language

[7]

[Anonymous], 2012, NDSS

[8]

[Anonymous], 2013, NDSS

[9]

[Anonymous], 2012, TRUST TRUSTWORTHY CO

[10]

[Anonymous], 2012, P 2 ACM C DATA APPL, DOI DOI 10.1145/2133601.2133640

← 1 2 3 4 →