Reference : On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/48098
On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
English
Samhi, Jordan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Bartel, Alexandre [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal]
Aug-2021
IEEE Transactions on Dependable and Secure Computing
IEEE Computer Society
Yes (verified by ORBilu)
International
1545-5971
1941-0018
Piscataway
NJ
[en] Logic bomb ; Android Security ; Static Analysis ; Malware
[en] Android is present in more than 85% of mobile devices, making it a prime target for malware. Malicious code is becoming increasingly sophisticated and relies on logic bombs to hide itself from dynamic analysis. In this paper, we perform a large-scale study of TSOPEN, our open-source implementation of the state-of-the-art static logic bomb scanner TRIGGERSCOPE, on more than 500k Android applications. Results indicate that the approach scales. Moreover, we investigate the discrepancies and show that the approach can reach a very low false-positive rate, 0.3%, but at a particular cost, e.g., removing 90% of sensitive methods. Therefore, it might not be realistic to rely on such an approach to automatically detect all logic bombs in large datasets. However, it could be used to speed up the location of malicious code, for instance, while reverse engineering applications. We also present TRIGDB, a database of 68 Android applications containing trigger-based behavior, as a ground-truth to the research community.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Researchers ; Professionals ; Students
10.1109/TDSC.2021.3108057
https://ieeexplore.ieee.org/document/9524530
FnR ; FNR14596679 > Jordan Samhi > DIANA > Dissecting Android Applications Using Static Analysis > 01/03/2020 > 31/10/2023 > 2020

File(s) associated to this reference

Fulltext file(s):

File: paper.pdf
Version: Author postprint
Size: 1.14 MB
Access: Open access


All documents in ORBilu are protected by a user license.