Article (Scientific journals)
On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
SAMHI, Jordan; BARTEL, Alexandre
2021, in IEEE Transactions on Dependable and Secure Computing
Peer Reviewed verified by ORBi
 

Keywords :
Logic bomb; Android Security; Static Analysis; Malware
Abstract :
[en] Android is present in more than 85% of mobile devices, making it a prime target for malware. Malicious code is becoming increasingly sophisticated and relies on logic bombs to hide itself from dynamic analysis. In this paper, we perform a large-scale study of TSOpen, our open-source implementation of the state-of-the-art static logic bomb scanner TriggerScope, on more than 500k Android applications. Results indicate that the approach scales. Moreover, we investigate the discrepancies and show that the approach can reach a very low false-positive rate, 0.3%, but at a particular cost, e.g., removing 90% of sensitive methods. Therefore, it might not be realistic to rely on such an approach to automatically detect all logic bombs in large datasets. However, it could be used to speed up the location of malicious code, for instance, while reverse engineering applications. We also present TrigDB, a database of 68 Android applications containing trigger-based behavior, as a ground truth to the research community.
Research center :
- Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Disciplines :
Computer science
Author, co-author :
SAMHI, Jordan; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
BARTEL, Alexandre; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
External co-authors :
yes
Language :
English
Title :
On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps
Publication date :
August 2021
Journal title :
IEEE Transactions on Dependable and Secure Computing
ISSN :
1545-5971
eISSN :
1941-0018
Publisher :
IEEE Computer Society, Piscataway, United States - New Jersey
Peer reviewed :
Peer Reviewed verified by ORBi
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi
Available on ORBilu :
since 29 September 2021
