Mining Apps for Abnormal Usage of Sensitive Data

Cited by: 176
Authors
Avdiienko, Vitalii [1]
Kuznetsov, Konstantin [1]
Gorla, Alessandra [2]
Zeller, Andreas [1]
Arzt, Steven [3]
Rasthofer, Siegfried [3]
Bodden, Eric [3, 4]
Affiliations
[1] Univ Saarland, Saarbrucken, Germany
[2] IMDEA Software Inst, Madrid, Spain
[3] Tech Univ Darmstadt, Darmstadt, Germany
[4] Fraunhofer SIT, Darmstadt, Germany
Source
2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 1 | 2015
DOI
10.1109/ICSE.2015.61
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
What is it that makes an app malicious? One important factor is that malicious apps treat sensitive data differently from benign apps. To capture such differences, we mined 2,866 benign Android applications for their data flow from sensitive sources, and compare these flows against those found in malicious apps. We find that (a) for every sensitive source, the data ends up in a small number of typical sinks; (b) these sinks differ considerably between benign and malicious apps; (c) these differences can be used to flag malicious apps due to their abnormal data flow; and (d) malicious apps can be identified by their abnormal data flow alone, without requiring known malware samples. In our evaluation, our MUDFLOW prototype correctly identified 86.4% of all novel malware, and 90.1% of novel malware leaking sensitive data.
Pages: 426 - 436
Number of pages: 11