skip to main content
10.1145/2766498.2774987acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
poster

A hybrid approach for mobile security threat analysis

Published: 22 June 2015 Publication History

Abstract

Research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation; nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key of this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on Android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookie.

References

[1]
Suzanna Schmeelk, Static Analysis Techniques Used in Android Application Security Analysis
[2]
W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of android application security. In USENIX, Security Symposium, 2011.
[3]
C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein, Y. le Traon, D. Octeau, and P. McDaniel. Highly precise taint analysis for android application. Technical report, EC SPRIDE Technical Report, 2013.
[4]
M. Zheng, M. Sun, and J. C. Lui, DroidRay: A Security Evaluation System for Customized Android Firmwares, in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2014

Cited By

View all
  • (2017)Selecting a cloud service provider to minimize privacy risks2017 Annual Reliability and Maintainability Symposium (RAMS)10.1109/RAM.2017.7889714(1-7)Online publication date: 23-Jan-2017

Index Terms

  1. A hybrid approach for mobile security threat analysis

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    WiSec '15: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks
    June 2015
    256 pages
    ISBN:9781450336239
    DOI:10.1145/2766498
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    In-Cooperation

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 22 June 2015

    Check for updates

    Author Tags

    1. Android application analysis
    2. data path tracing
    3. dynamic analysis
    4. static analysis
    5. symbolic execution

    Qualifiers

    • Poster

    Conference

    WiSec'15
    Sponsor:
    • SIGSAC
    • US Army Research Office
    • NSF

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)4
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 19 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2017)Selecting a cloud service provider to minimize privacy risks2017 Annual Reliability and Maintainability Symposium (RAMS)10.1109/RAM.2017.7889714(1-7)Online publication date: 23-Jan-2017

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media