Droid-AntiRM

Wang, Xiaolei; Zhu, Sencun; Zhou, Dehua; Yang, Yuexiang

doi:10.1145/3134600.3134601

Cited by 25 publications

(3 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar to HiSenDroid, another line of work attempts to detect unknown types of trigger-based behaviors [57], [69]. A prominent example is HSOMiner [57], which extracts static characteristics of hidden behaviors as features and trains a machine learning model to identify the code blocks that observe similar patterns.…”

Section: Related Workmentioning

confidence: 99%

Demystifying Hidden Sensitive Operations in Android Apps

Sun

Chen

et al. 2023

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide malicious behavior implementation. This poses two problems to current research techniques: static analysis approaches, given their over-approximations, can report an overwhelming number of false alarms, while dynamic approaches will miss those behaviors that are hidden through evasion techniques. We propose in this work a static approach specifically targeted at highlighting hidden sensitive operations, mainly sensitive data flows. The prototype version of HiSenDroid has been evaluated on a large-scale dataset of thousands of malware and goodware samples on which it successfully revealed anti-analysis code snippets aiming at evading detection by dynamic analysis. We further experimentally show that, with FlowDroid, some of the hidden sensitive behaviors would eventually lead to private data leaks. Those leaks would have been hard to spot either manually among the large number of false positives reported by the state of the art static analyzers, or by dynamic tools. Overall, by putting the light on hidden sensitive operations, HiSenDroid helps security analysts in validating potential sensitive data operations, which would be previously unnoticed.

show abstract

Section: Related Workmentioning

confidence: 99%

Demystifying Hidden Sensitive Operations in Android Apps

Sun

Chen

et al. 2023

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

show abstract

“…On the other hand, Droid-AntiRM [40] aims to support dynamic analysis techniques by taming the anti-analysis techniques such as logic bomb section 5.6. Droid-AntiRMtr identifies those anti-analysis techniques and rewrites the condition statements in the App code to force the malicious behavior to be executed at analysis time, improving the performance of other dynamic analysis tools.…”

Section: Dynamic Analysismentioning

confidence: 99%

A Critical Analysis on Android Vulnerabilities, Malware, Anti-malware and Anti-malware Bypassing

Alrammal¹,

Alrammal²,

Naveed³

et al. 2022

Journal of Internet Technology

View full text Add to dashboard Cite

<p>Android has become the dominant operating system for portable devices, making it a valuable asset that needs protection. Though Android is very popular; it has several vulnerabilities which attackers use for malicious intents. In this paper, we present a comprehensive study on the threats in Android OS that various malware developers exploit and the different malware functionality based on Android’s threats. Furthermore, we analyze and evaluate the anti-malware approaches implemented to face the malware functionalities. Finally, we analyze and categorize malware developers’ most common anti-analysis techniques to evade anti-malware approaches. It comes to our attention that many papers covered each topic separately; however, we could not find one comprehensive study that covers Android with such details that it could be used as a research handbook on Android malware. This is the main novelty and contribution of this work.</p> <p> </p>

show abstract

“…Input Generation. Several works [6,4,15,24,1,40,45,37] aim at generating user inputs that can lead to the execution of specific functions. Systems based on static analysis allow for faster code coverage, but they can lack precision.…”

Section: Background and Related Workmentioning

confidence: 99%

Reach Me if You Can: On Native Vulnerability Reachability in Android Apps

Borzacchiello

Coppa

Maiorca

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Android applications ship with several native C/C++ libraries. Research on Android security has revealed that these libraries often come from third-party components that are not kept up to date by developers, possibly posing security concerns. To assess if known vulnerabilities in these libraries constitute an immediate security problem, we need to understand whether vulnerable functions could be reached when apps are executed (we refer to this problem as function reachability). In this paper, we propose DroidReach, a novel, static approach to assess the reachability of native function calls in Android apps. Our framework addresses the limitations of state-of-the-art approaches by employing a combination of heuristics and symbolic execution, allowing for a more accurate reconstruction of the Inter-procedural Control-Flow Graphs (ICFGs). On the top 500 applications from the Google Play Store, DroidReach can detect a significantly higher number of paths in comparison to previous works. Finally, two case studies show how DroidReach can be used as a valuable vulnerability assessment tool.

show abstract

Droid-AntiRM

Cited by 25 publications

References 30 publications

Demystifying Hidden Sensitive Operations in Android Apps

Demystifying Hidden Sensitive Operations in Android Apps

A Critical Analysis on Android Vulnerabilities, Malware, Anti-malware and Anti-malware Bypassing

Reach Me if You Can: On Native Vulnerability Reachability in Android Apps

Contact Info

Product

Resources

About