Revealing Similarities in Android Malware by Dissecting their Methods

Cited by: 1
Authors
Pasetto, Michele [1]
Marastoni, Niccolo [1]
Dalla Preda, Mila [1]
Affiliation
[1] Univ Verona, Verona, Italy
Source
2020 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2020) | 2020
Keywords
Program Analysis; Similarity; Android Malware; Obfuscation
DOI
10.1109/EuroSPW51379.2020.00090
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
One of the most challenging problems in the fight against Android malware is finding a way to classify them according to their behavior, in order to be able to utilize previously gathered knowledge in analysis and prevention. In this paper we introduce a novel technique that discovers similarities between Android malware samples by comparing fragments of executed traces (strands) generated from their most suspect methods. This way we can accurately pinpoint which (possibly) malicious behaviors are shared between these different samples, allowing for easier analysis and classification. We implement this approach in a tool, StrAndroid, that we evaluate on a few datasets of malware and ransomware samples, comparing its results to an existing similarity tool.
Pages: 625-634
Number of pages: 10