Files and links (2)
Published (Version of record)CC BY V4.0, Open Access
Published (Version of record)CC BY V4.0, Open
Journal article
DroidEcho: an in-depth dissection of malicious behaviors in Android applications
Cybersecurity (Singapore), Vol.1, 4
05/06/2018
Metrics
Abstract
A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency. However, it is still far from expectation to describe attacks precisely on the Android platform. In addition, new features on Android, such as communication mechanisms, introduce new challenges and difficulties for attack detection. In this paper, we propose abstract attack models to precisely capture the semantics of various Android attacks, which include the corresponding targets, involved behaviors as well as their execution dependency. Meanwhile, we construct a novel graph-based model called the inter-component communication graph (ICCG) to describe the internal control flows and inter-component communications of applications. The models take into account more communication channel with a maximized preservation of their program logics. With the guidance of the attack models, we propose a static searching approach to detect attacks hidden in ICCG. To reduce false positive rate, we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms. Experiments show that DroidEcho can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.
Details
- Title
- DroidEcho: an in-depth dissection of malicious behaviors in Android applications
- Creators
- Guozhu Meng - Institute of Information EngineeringRuitao Feng - Nanyang Technological UniversityGuangdong Bai - Singapore Institute of TechnologyKai Chen - Institute of Information EngineeringYang Liu - Nanyang Technological University
- Publication Details
- Cybersecurity (Singapore), Vol.1, 4
- Publisher
- Springer Nature
- Number of pages
- 17
- Grant note
- 2016QY04W0805 / National Key R&D Program of China National Top-notch Youth Talents Program of China SNSBBH-2017111036 / International Cooperation Program on CyberSecurity Youth Innovation Promotion Association CAS, Beijing Nova Program U1536106; 61728209 / NSFC; National Natural Science Foundation of China (NSFC)
- Identifiers
- 991013214583102368
- Copyright
- © The Author(s) 2018. Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License,(http://creativecommons.org/licenses/by/4.0/).
- Academic Unit
- Information Technology; Faculty of Science and Engineering
- Language
- English
- Resource Type
- Journal article