GPFinder: Tracking the Invisible in Android Malware

Mourad Leslous (1), Valérie Viet Triem Tong (1), Jean-François Lalande (2), Thomas Genet (3)
(1) CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique, IRISA_D1 - SYSTÈMES LARGE ÉCHELLE
(3) CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique, IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract: Malicious Android applications use clever techniques to hide their real intents from the user and avoid detection by security tools. They resort to code obfuscation and dynamic loading, or wait for special events on the system like reboot or WiFi activation. Therefore, promising approaches aim to locate, study and execute specific parts of Android applications in order to monitor for suspicious behavior. They rely on Control Flow Graphs (CFGs) to obtain execution paths towards sensitive codes. We claim here that these CFGs are incomplete because they do not take into consideration implicit control flow calls, i.e., those that occur when the Android framework calls a method implemented in the application space. This article proposes a practical tool, GPFinder, exposing execution paths towards any piece of code considered as suspicious. GPFinder takes the Android framework into account and considers explicit and implicit control flow calls to build CFGs. Using GPFinder, we give global characteristics of application CFGs by studying a dataset of 14,224 malware and 2,311 goodware samples. We evaluate that 72.69% of the analyzed malicious samples have at least one suspicious method reachable only through implicit calls.
Document type: Conference paper
12th International Conference on Malicious and Unwanted Software, Oct 2017, Fajardo, Puerto Rico. IEEE Computer Society, 12th International Conference on Malicious and Unwanted Software, pp.39-46, 2017, 〈10.1109/MALWARE.2017.8323955〉

https://hal-centralesupelec.archives-ouvertes.fr/hal-01584989
Contributor: Jean-François Lalande
Submitted on: Monday, 11 September 2017 - 08:57:55
Last modified on: Thursday, 15 November 2018 - 11:58:59
Document(s) archived on: Tuesday, 12 December 2017 - 18:07:50

Files

camera.pdf
Files produced by the author(s)

Citation

Mourad Leslous, Valérie Viet Triem Tong, Jean-François Lalande, Thomas Genet. GPFinder: Tracking the Invisible in Android Malware. 12th International Conference on Malicious and Unwanted Software, Oct 2017, Fajardo, Puerto Rico. IEEE Computer Society, 12th International Conference on Malicious and Unwanted Software, pp.39-46, 2017, 〈10.1109/MALWARE.2017.8323955〉. 〈hal-01584989〉

Metrics

Record views: 1312

File downloads: 266