Dexteroid: Detecting malicious behaviors in Android apps using reverse-engineered life cycle models

Junaid, Mohsin; Liu, Donggang; Kung, David Chenho

doi:10.1016/j.cose.2016.01.008

Cited by 35 publications

(22 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, in [88], a framework for detecting information leakage based on source-sink API tracking has been proposed. Also, in [89], a flow analysisbased framework has been proposed for detecting the potential malicious behaviour based on tracking the sensitive information from the source method to the sink method. • Other semantic features In some works, a semantic pattern was generated based on the app's description which crawled from the app store and the generated pattern has been compared with the actual behaviour of the app.…”

Section: Semantic Featuresmentioning

confidence: 99%

“…The digitized values have been converted into image and the constructed images have been fed to a convolutional neural network which adopted as a classifier. Also, in [89], a static analysis framework called DroidDee-pLearner has been developed to characterize Android malware. Multiple static features have been extracted and a deep learning model has been adopted to distinguish the malware and benign-ware.…”

Section: Clustering Algorithms This Type Of Algorithms Ismentioning

confidence: 99%

“…Generally, the benign-ware dataset in most of the studied works such as [33,51,54,61,67,71,[85][86][87][88][89]125] was collected from the official Android app market (Google Play). In some other works, the benign dataset has been collected from the third-party markets such as in [49,94,126,127].…”

Section: Benign Datasetmentioning

confidence: 99%

“…We found that well-known malware datasets such as Malgenome [130] have been used in the most of studied works. The well-known datasets have been used in many works such as [32,48,52,89]. Also, special datasets that collected from the internet have been used in some works such as [33].…”

Section: Malicious Datasetmentioning

confidence: 99%

See 3 more Smart Citations

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

The widespread use of Android-based smartphones made it an important target for malicious applications' developers. So, a large number of frameworks have been proposed to tackle the huge number of daily published malwares. Despite there are many review papers that have been conducted in order to shed light on the works that achieved in Android malware analysing domain, the number of conducted review papers do not fit with the importance of this research field and with the volume of achieved works. Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system. Furthermore, none of the existing review papers contains a schematic model that makes it easy for the reader to know the methods and methodologies used in a particular field of research without much effort. This paper aims at proposing a comprehensive taxonomy and suggesting a new schematic review approach. To this end, a review of a large number of works that achieved between 2009 and 2019 has been conducted. The achieved study includes more than 200 papers that have different goals such as apps' behaviour analysis, automatic user interface triggers or packer/unpacker frameworks development. Also, a comprehensive taxonomy has been proposed so that most of the previous works can be classified under it. To the best of our knowledge, the suggested taxonomy is the widest and the most comprehensive in terms of the covered research trends. Moreover, we have proposed a detailed schematic model (called Schematic Review Model) illustrates the process of detecting the malignant applications of an Android in the light of the studied works and the proposed taxonomy. To our knowledge, this is the first time that the Android malware detection methods have been explained in this way with this amount of detail. Furthermore, the studied researches have been analysed according to multiple criteria such as used analysing method, used features, used detection method, and used dataset. Also, the features used in the studied works were discussed in detail by dividing it into multiple classes. Moreover, the challenges facing Android's malware analysing methods were discussed in detail. Finally, it has been concluded that there are gaps between the size and the goal of the conducted works and the number of malicious apps published every day, so some future works areas have been proposed and discussed.

show abstract

Section: Semantic Featuresmentioning

confidence: 99%

Section: Clustering Algorithms This Type Of Algorithms Ismentioning

confidence: 99%

Section: Benign Datasetmentioning

confidence: 99%

Section: Malicious Datasetmentioning

confidence: 99%

See 2 more Smart Citations

The Android malware detection systems between hope and reality

2019

View full text Add to dashboard Cite

show abstract

“…Authors focus only on main classes and methods, and neglect other callbacks that may be called by the framework. In [13], authors use lifecyle callbacks of Android applications to build a model of the application and then detect malicious behaviors. This approach focuses only on lifecyle callbacks and does not handle other types of implicit calls.…”

Section: Related Workmentioning

confidence: 99%

GPFinder: Tracking the invisible in Android malware

Leslous

Tông

Lalande

et al. 2017

2017 12th International Conference on Malicious and Unwanted Software (MALWARE)

View full text Add to dashboard Cite

Malicious Android applications use clever techniques to hide their real intents from the user and avoid detection by security tools. They resort to code obfuscation and dynamic loading, or wait for special events on the system like reboot or WiFi activation. Therefore, promising approaches aim to locate, study and execute specific parts of Android applications in order to monitor for suspicious behavior. They rely on Control Flow Graphs (CFGs) to obtain execution paths towards sensitive codes. We claim here that these CFGs are incomplete because they do not take into consideration implicit control flow calls, i.e., those that occur when the Android framework calls a method implemented in the application space. This article proposes a practical tool, GPFinder, exposing execution paths towards any piece of code considered as suspicious. GPFinder takes the Android framework into account and considers explicit and implicit control flow calls to build CFGs. Using GPFinder, we give global characteristics of application CFGs by studying a dataset of 14,224 malware and 2,311 goodware samples. We evaluate that 72.69% of the analyzed malicious samples have at least one suspicious method reachable only through implicit calls.

show abstract

SEMEO: A Semantic Equivalence Analysis Framework for Obfuscated Android Applications

Zhen¹

2022

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Dexteroid: Detecting malicious behaviors in Android apps using reverse-engineered life cycle models

Cited by 35 publications

References 26 publications

The Android malware detection systems between hope and reality

The Android malware detection systems between hope and reality

GPFinder: Tracking the invisible in Android malware

SEMEO: A Semantic Equivalence Analysis Framework for Obfuscated Android Applications

Contact Info

Product

Resources

About