Droidchameleon: Evaluating android anti-malware against transformation attacks. Vaibhav Rastogi, Yan Chen, and Xuxian Jiang.In Proceedings of the 4th Program Protection and Reverse Engineering Workshop, page 4. ![]() Multi-app security analysis with fuse: Statically detecting android app collusion. Tristan Ravitch, E Rogan Creswick, Aaron Tomb, Adam Foltzer, Trevor Elliott, and Ledah Casburn.Information-flow analysis of android applications in droidsafe. Michael I Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen, and Martin Rinard.In Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE), May 2014. AsDroid: Detecting stealthy behaviors in android applications by user interface and program behavior contradiction. Jianjun Huang, Xiangyu Zhang, Lin Tan, Peng Wang, and Bin Liang.Apposcopy: Semantics-based detection of android malware through static analysis. Yu Feng, Saswat Anand, Isil Dillig, and Alex Aiken.Static Analysis of Android Apps: A Systematic Literature Review. Li Li, Tegawendé F Bissyandé, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, and Yves Le Traon.Obfuscation in android malware, and how to fight back. Andrubis- 1,000,000 apps later: A view on current android malware behaviors. Martina Lindorfer, Matthias Neugschw, Lukas Weichselbaum, Yanick Fratantonio, Victor Van Der Veen, and Christian Platzer.In Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, HASP ’14, pages 3:1–3:8, New York, NY, USA, 2014. Morpheus: Benchmarking computational diversity in mobile malware. Mikhail Kazdagli, Ling Huang, Vijay Reddi, and Mohit Tiwari.Manning Publications Co., Greenwich, CT, USA, 2004. Java Reflection in Action (In Action Series). We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. ![]() With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We propose the DroidRA instrumentation-based approach to address this issue in a non-invasive way. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. ![]() Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |