DOI: 10.1145/3555776.3577722
research-article

Detecting Suspicious Conditional Statement using App Execution Log

Published: 07 June 2023

Abstract

Because a logic bomb performs its malicious behaviors only within the branch that triggers them, malicious behaviors can be detected efficiently if that branch can be found easily. Existing malicious app analysis tools look for branches that trigger malicious behaviors based on static analysis, so if reflection is used in the app, the branch statement cannot be found properly. Therefore, in this paper, we propose an app execution log-based suspicious conditional statement detection tool that can detect suspicious conditional statements even when reflection is used. The proposed detection tool, which is implemented on the android-10.0.0_r47 version of AOSP (Android Open Source Project), can check branch statements and information about called methods while the app is executing, including methods called by reflection. Also, since suspicious conditional statements are detected by checking the method call flow related to branch statements in the execution log, there is no need to examine all branch statements in the app. Experimental results show that the proposed detection tool can detect suspicious conditional statements regardless of the use of reflection.

Cited By

  • (2023) Java in Action: AI for Fraud Detection and Prevention. International Journal of Scientific Research in Computer Science, Engineering and Information Technology. 10.32628/CSEIT239063 (58-69). Online publication date: 1-Nov-2023

    Published In

    SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing
    March 2023
    1932 pages
    ISBN:9781450395175
    DOI:10.1145/3555776

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Android platform
    2. execution log
    3. suspicious conditional statement

    Qualifiers

    • Research-article

    Funding Sources

    • Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education

    Conference

    SAC '23

    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
