Empirical validations of research approaches eventually require a curated ground truth. In studies related to Android malware, such a ground truth is built by leveraging Anti-Virus (AV) scanning reports which are often provided free through online services such as VirusTotal. Unfortunately, these reports do not offer precise information for appropriately and uniquely assigning classes to samples in app datasets: AV engines indeed do not have a consensus on specifying information in labels. Furthermore, labels often mix information related to families, types, etc. In particular, the notion of “adware” is currently blurry when it comes to maliciousness. There is thus a need to thoroughly investigate cases where adware samples can actually be associated with malware (e.g., because they are tagged as adware but could be considered as malware as well).
In this work, we present a large-scale analytical study of Android adware samples to quantify to what extent “adware should be considered as malware”. Our analysis is based on the Androzoo repository of 5 million apps with associated AV labels and leverages a state-of-the-art label harmonization tool to infer the malicious type of apps before confronting it against the ad families that each adware app is associated with. We found that all adware families include samples that are actually known to implement specific malicious behavior types. Up to 50% of samples in an ad family could be flagged as malicious. Overall the study demonstrates that adware is not necessarily benign.
Disciplines:
Computer science
Author, co-author:
GAO, Jun ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Li, Li; Monash University > Faculty of Information Technology
KONG, Pingfan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
External co-authors:
yes
Document language:
English
Title:
Should You Consider Adware as Malware in Your Study?
Publication date:
24 February 2019
Event name:
26th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering
Event place:
Hangzhou, China
Event date:
from 24-2-2019 to 27-2-2019
Main work title:
26th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering