Apposcopy: Semantics-Based Detection of Android Malware through Static Analysis

被引：252

作者：

Feng, Yu ^{[1
]}

Anand, Saswat ^{[2
]}

Dillig, Isil ^{[1
]}

Aiken, Alex ^{[2
]}

机构：

[1] Univ Texas Austin, Austin, TX 78712 USA

[2] Stanford Univ, Stanford, CA 94305 USA

来源：

22ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (FSE 2014) | 2014年

关键词：

Android; Inter-component Call Graph; Taint Analysis;

D O I：

10.1145/2635868.2635869

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.

引用

页码：576 / 587

页数：12

共 35 条

[1] Aafer Yousra, 2013, SECURECOMM
[2] [Anonymous], 2012, P 10 INT C MOB SYST
[3] [Anonymous], 2011, NDSS
[4] [Anonymous], 2012, Proceedings of the 19th ACM Conference on Computer and Communications Security, DOI DOI 10.1145/2382196.2382223
[5] [Anonymous], USENIX SEC S
[6] [Anonymous], 1994, Program analysis and specialization for the C programming language
[7] [Anonymous], 2012, NDSS
[8] [Anonymous], 2013, NDSS
[9] [Anonymous], 2012, TRUST TRUSTWORTHY CO
[10] [Anonymous], 2012, P 2 ACM C DATA APPL, DOI DOI 10.1145/2133601.2133640

← 1 2 3 4 →