Research article. DOI: 10.1145/2635868.2635869

Apposcopy: semantics-based detection of Android malware through static analysis

Published: 11 November 2014

Abstract

We present Apposcopy, a new semantics-based approach for identifying a prevalent class of Android malware that steals private user information. Apposcopy incorporates (i) a high-level language for specifying signatures that describe semantic characteristics of malware families and (ii) a static analysis for deciding if a given application matches a malware signature. The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively and reliably pinpoint malicious applications that belong to certain malware families.

Published In

FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
November 2014
856 pages
ISBN: 9781450330565
DOI: 10.1145/2635868

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Android
2. Inter-component Call Graph
3. Taint Analysis

Conference

SIGSOFT/FSE'14

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%
