Repackman: a tool for automatic repackaging of Android apps

Salem, Aleieldin; Paulus, F. Franziska; Pretschner, Alexander

doi:10.1145/3243218.3243224

Cited by 8 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Feature-based attacks are implemented easily and automatically by an ML [45]- [49]. However, when implementing the changes into an application, the functionality of the app can be severely damaged [23], [30], [50], [51]. As this study implements problem-based EAs, the focus of Section II-B is problembased EAs.…”

Section: Related Workmentioning

confidence: 99%

Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Berger¹,

Hajaj

Mariconti³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Berger¹,

Hajaj

Mariconti³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

“…The mining code packaged as an application (app for short) can be more persistent than website visits, by running in the background and when the user is not present. The cost of creating and distributing a miner is negligible, given the ease of application repackaging [32] on Android and the availability of mining libraries [20]. But miners are particularly dangerous for mobile devices.…”

Section: Introductionmentioning

confidence: 99%

Dissecting Android Cryptocurrency Miners

Dashevskyi

Zhauniarovich²,

Gadyatskaya

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work, we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. We analyzed the collected miners and identified how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. We have also analyzed our dataset with VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service.Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection. We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our tool dubbed BRENNTDROID is able to detect miners with 95% of accuracy on our dataset.

show abstract

“…The feature-based attacks can be generated automatically by an ML [46], [47], [48], [49], [50]. Still, the correlated code in the sample that needs to be changed according to these attacks may severely damage the functionality of the sample [51], [52], [53], [54]. Therefore, feature-based evasion attacks are less realizable.…”

Section: Related Workmentioning

confidence: 99%

MaMaDroid2.0 -- The Holes of Control Flow Graphs

Berger¹,

Hajaj²,

Mariconti³

et al. 2022

Preprint

View full text Add to dashboard Cite

Android malware is a continuously expanding threat to billions of mobile users around the globe. Detection systems are updated constantly to address these threats. However, a backlash takes the form of evasion attacks, in which an adversary changes malicious samples such that those samples will be misclassified as benign. This paper fully inspects a well-known Android malware detection system, MaMaDroid, which analyzes the control flow graph of the application. Changes to the portion of benign samples in the train set and models are considered to see their effect on the classifier. The changes in the ratio between benign and malicious samples have a clear effect on each one of the models, resulting in a decrease of more than 40% in their detection rate. Moreover, adopted ML models are implemented as well, including 5-NN, Decision Tree, and Adaboost. Exploration of the six models reveals a typical behavior in different cases, of tree-based models and distance-based models. Moreover, three novel attacks that manipulate the CFG and their detection rates are described for each one of the targeted models. The attacks decrease the detection rate of most of the models to 0%, with regards to different ratios of benign to malicious apps. As a result, a new version of MaMaDroid is engineered. This model fuses the CFG of the app and static analysis of features of the app. This improved model is proved to be robust against evasion attacks targeting both CFG-based models and static analysis models, achieving a detection rate of more than 90% against each one of the attacks.

show abstract

Repackman: a tool for automatic repackaging of Android apps

Cited by 8 publications

References 10 publications

Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Dissecting Android Cryptocurrency Miners

MaMaDroid2.0 -- The Holes of Control Flow Graphs

Contact Info

Product

Resources

About