Cybersecurity
DroidEcho: an in-depth dissection of malicious behaviors in Android applications
Guangdong Bai1  Ruitao Feng1  Guozhu Meng2  Yang Liu2  Kai Chen3
[1] Nanyang Technological University, Singapore, Singapore; SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; Singapore Institute of Technology, Singapore, Singapore
Keywords: Semantic attack model; Android malware detection; Inter-component communication graph; Privacy leakage
DOI: 10.1186/s42400-018-0006-7
Subject classification: Computer Science (General)
Source: Springer
【 Abstract 】
A precise representation of attacks can benefit malware detection in both accuracy and efficiency. However, describing attacks precisely on the Android platform is still far from expectation. In addition, new features on Android, such as its communication mechanisms, introduce new challenges and difficulties for attack detection. In this paper, we propose abstract attack models to precisely capture the semantics of various Android attacks, including the corresponding targets, the involved behaviors, and their execution dependency. Meanwhile, we construct a novel graph-based model called the inter-component communication graph (ICCG) to describe the internal control flows and inter-component communications of applications. The models take into account more communication channels while maximally preserving the applications' program logic. Guided by the attack models, we propose a static searching approach to detect attacks hidden in the ICCG. To reduce the false positive rate, we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms. Experiments show that DroidEcho can detect attacks in both benchmark and real-world applications effectively and efficiently, with a precision of 89.5%.
【 License 】
CC BY