Publication Type
Journal Article
Version
acceptedVersion
Publication Date
11-2017
Abstract
To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.
Keywords
Android, piggybacked app, malicious code, HookRanker
Discipline
Programming Languages and Compilers | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Journal of Computer Science and Technology
Volume
32
Issue
6
First Page
1108
Last Page
1124
ISSN
1000-9000
Identifier
10.1007/s11390-017-1786-z
Publisher
Springer Verlag (Germany)
Citation
LI, Li; LI, Daoyuan; BISSYANDE, Tegawende F.; KLEIN, Jacques; CAI, Haipeng; LO, David; and LE TRAON, Yves. On locating malicious code in piggybacked Android apps. (2017). Journal of Computer Science and Technology. 32, (6), 1108-1124.
Available at: https://ink.library.smu.edu.sg/sis_research/3914
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/s11390-017-1786-z