Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps

Samhi, Jordan; Li, Li; Bissyande, Tegawendé François D Assise; Klein, Jacques

doi:10.1145/3510003.3510135

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps

Samhi, Jordan; Li, Li; Bissyande, Tegawendé François D Assise et al.

2022 • In 44th International Conference on Software Engineering (ICSE 2022)

Peer reviewed

Permalink
https://hdl.handle.net/10993/49268

DOI
10.1145/3510003.3510135

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

difuzer_preprint.pdf

Author preprint (863.82 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Static Analysis; Android Security; Logic Bomb

Abstract :

[en] One prominent tactic used to keep malicious behavior from being detected during dynamic test campaigns is logic bombs, where malicious operations are triggered only when specific conditions are satisfied. Defusing logic bombs remains an unsolved problem in the literature. In this work, we propose to investigate Suspicious Hidden Sensitive Operations (SHSOs) as a step towards triaging logic bombs. To that end, we develop a novel hybrid approach that combines static analysis and anomaly detection techniques to uncover SHSOs, which we predict as likely implementations of logic bombs. Concretely, Difuzer identifies SHSO entry-points using an instrumentation engine and an inter-procedural data-flow analysis. Then, it extracts trigger-specific features to characterize SHSOs and leverages One-Class SVM to implement an unsupervised learning model for detecting abnormal triggers. We evaluate our prototype and show that it yields a precision of 99.02% to detect SHSOs among which 29.7% are logic bombs. Difuzer outperforms the state-of-the-art in revealing more logic bombs while yielding less false positives in about one order of magnitude less time. All our artifacts are released to the community.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)

Disciplines :

Computer science

Author, co-author :

Samhi, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Li, Li; Monash University

Bissyande, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

yes

Language :

English

Title :

Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps

Publication date :

21 May 2022

Event name :

44th International Conference on Software Engineering (ICSE 2022)

Event place :

Pittsburgh, United States

Event date :

from 21-05-2022 to 29-05-2022

Audience :

International

Main work title :

44th International Conference on Software Engineering (ICSE 2022)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://www.computer.org/csdl/proceedings-article/icse/2022/922100a723/1EmrYyZvxCM

FnR Project :

FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 04 January 2022

Statistics

Number of views

150 (21 by Unilu)

Number of downloads

62 (6 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Hira Agrawal, James Alberi, Lisa Bahler, Josephine Micallef, Alexandr Virodov, Mark Magenheimer, Shane Snyder, Vidroha Debroy, and Eric Wong. 2012. Detecting hidden logic bombs in critical infrastructure software. In International Conference on Information Warfare and Security. Academic Conferences International Limited, Vol. 1.
Shahid Alam, Zhengyang Qu, Ryan Riley, Yan Chen, and Vaibhav Rastogi. 2017. DroidNative: Automating and optimizing detection of Android native code malware variants. Computers & Security 65 (2017), 230-246. https: //doi. org/10. 1016/j. cose. 2016. 11. 011
Scott Alexander-Bown. [n. d. ]. Android Security: Adding Tampering Detection to Your App. https://www. airpair. com/android/posts/adding-tampering-detectionto-your-android-app#4-1-emulator Accessed February 2021.
Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. 2016. AndroZoo: Collecting Millions of Android Apps for the Research Community. In Proceedings of the 13th International Conference on Mining Software Repositories (Austin, Texas) (MSR '16). ACM, New York, NY, USA, 468-471. https://doi. org/ 10. 1145/2901739. 2903508
Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2013. Susi: A tool for the fully automated classification and categorization of android sources and sinks. University of Darmstadt, Tech. Rep. TUDCS-2013-0114 (2013).
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise Context, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps. SIGPLAN Not. 49, 6 (June 2014), 259-269. https://doi. org/10. 1145/2666356. 2594299
Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: Analyzing the Android Permission Specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (Raleigh, North Carolina, USA) (CCS '12). Association for Computing Machinery, New York, NY, USA, 217-228. https://doi. org/10. 1145/2382196. 2382222
VitaliiAvdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2015. Mining Apps for Abnormal Usage of Sensitive Data. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. 426-436. https://doi. org/10. 1109/ICSE. 2015. 61
Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2010. Efficient Detection of Split Personalities in Malware. In NDSS. Citeseer.
Luciano Bello and Marco Pistoia. 2018. Ares: triggering payload of evasive android malware. In 2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE, 2-12.
David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically identifying trigger-based behavior in malware. In Botnet Detection. Springer, 65-88.
Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. 2011. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. 15-26.
Varun Chandola, Arindam Banerjee, and Vipin Kumar. 2009. Anomaly Detection: A Survey. ACM Comput. Surv. 41, 3, Article 15 (July 2009), 58 pages. https: //doi. org/10. 1145/1541880. 1541882
Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: A Library for Support Vector Machines. ACM Trans. Intell. Syst. Technol. 2, 3, Article 27 (May 2011), 27 pages. https://doi. org/10. 1145/1961189. 1961199
K. Chen, X. Wang, Y. Chen, P. Wang, Y. Lee, X. Wang, B. Ma, A. Wang, Y. Zhang, and W. Zou. 2016. Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS. In 2016 IEEE Symposium on Security and Privacy (SP). 357-376. https://doi. org/10. 1109/SP. 2016. 29
Xu Chen, Jon Andersen, Z Morley Mao, Michael Bailey, and Jose Nazario. 2008. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In 2008 IEEE international conference on dependable systems and networks with FTCS and DCC (DSN). IEEE, 177-186.
M. Choudhary and B. Kishore. 2018. HAAMD: Hybrid Analysis for Android Malware Detection. In 2018 International Conference on Computer Communication and Informatics (ICCCI). 1-4. https://doi. org/10. 1109/ICCCI. 2018. 8441295
Catalin Cimpanu. [n. d. ]. Play Store identified as main distribution vector for most Android malware. https://www. zdnet. com/article/play-store-identified-as-maindistribution-vector-for-most-android-malware/ Accessed February 2021.
Hitesh Dharmdasani. [n. d. ]. Android. HeHe: Malware Now Disconnects Phone Calls. https://www. fireeye. com/blog/threat-research/2014/01/android-hehemalware-now-disconnects-phone-calls. html Accessed December 2020.
Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, XiaoFengWang, and Kehuan Zhang. 2018. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. In Security and Privacy in Communication Networks, Raheem Beyah, Bing Chang, Yingjiu Li, and Sencun Zhu (Eds.). Springer International Publishing, Cham, 172-192.
William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. 2014. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS) 32, 2 (2014), 1-29.
Emre Erturk. 2012. A case study in open source software security and privacy: Android adware. In World Congress on Internet Security (WorldCIS-2012). IEEE, 189-191.
Yu Feng, Saswat Anand, Isil Dillig, and Alex Aiken. 2014. Apposcopy: Semanticsbased detection of android malware through static analysis. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. 576-587.
H. Fereidooni, M. Conti, D. Yao, and A. Sperduti. 2016. ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications. In 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 1-5. https://doi. org/10. 1109/NTMS. 2016. 7792435
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, and G. Vigna. 2016. TriggerScope: Towards Detecting Logic Bombs in Android Applications. In 2016 IEEE Symposium on Security and Privacy (SP). 377-396. https://doi. org/10. 1109/ SP. 2016. 30
Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2016. Triggerscope: Towards detecting logic bombs in android applications. In 2016 IEEE symposium on security and privacy (SP). IEEE, 377-396.
Olga Gadyatskaya, Andra-Lidia Lezza, and Yury Zhauniarovich. 2016. Evaluation of Resource-Based App Repackaging Detection in Android. In Secure IT Systems, Billy Bob Brumley and Juha Röning (Eds.). Springer International Publishing, Cham, 135-151.
Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. 2012. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. In Trust and Trustworthy Computing, Stefan Katzenbeisser, Edgar Weippl, L. Jean Camp, Melanie Volkamer, Mike Reiter, and Xinwen Zhang (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 291-307.
Google. [n. d. ]. Build Class, https://developer. android. com/reference/android/os/ Build. Accessed February 2021.
Google. [n. d. ]. Context Class, https://developer. android. com/ reference/android/ content/Context#getSystemService(Java. lang. String). Accessed February 2021.
Google. [n. d. ]. Cursor Class, https://developer. android. com/reference/android/ database/Cursor. Accessed February 2021.
Google. [n. d. ]. Sensor Class, https://developer. android. com/reference/android/ hardware/Sensor. Accessed February 2021.
Google. [n. d. ]. SensorManager Class, https://developer. android. com/reference/ android/ hardware/SensorManager. Accessed February 2021.
IDC. [n. d. ]. Smartphone Market Share, https://www. idc. com/ promo/smartphonemarket-share/ os. Accessed January 2021.
Xiaoqi Jia, Guangzhe Zhou, Qingjia Huang, Weijuan Zhang, and Donghai Tian. 2017. Findevasion: an effective environment-sensitive malware detection system for the cloud. In International Conference on Digital Forensics and Cyber Crime. Springer, 3-17.
Mohsin Junaid, Donggang Liu, and David Kung. 2016. Dexteroid: Detecting malicious behaviors in Android apps using reverse-engineered life cycle models. computers & security 59 (2016), 92-117.
Hyunjae Kang, Jaewook Jang, Aziz Mohaisen, and Huy Kang Kim. 2015. Detecting and Classifying Android Malware Using Static Analysis along with Creator Information. International Journal of Distributed Sensor Networks 11, 6 (2015), 479174. https://doi. org/10. 1155/2015/479174 arXiv:https://doi. org/10. 1155/2015/479174
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: baremetal analysis-based evasive malware detection. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 287-301.
Sotiris B Kotsiantis, I Zaharakis, and P Pintelas. 2007. Supervised machine learning: A review of classification techniques. Emerging artificial intelligence applications in computer engineering 160, 1 (2007), 3-24.
Ondrej Lhoták and Laurie Hendren. 2003. Scaling Java Points-to Analysis Using Spark. In Compiler Construction, Görel Hedin (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 153-169.
Li Li, Alexandre Bartel, Tegawendé F Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mc-Daniel. 2015. Iccta: Detecting inter-component privacy leaks in android apps. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. IEEE, 280-291.
L. Li, T. F. Bissyande, and J. Klein. 2019. Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark. IEEE Transactions on Software Engineering (2019), 1-1. https://doi. org/10. 1109/TSE. 2019. 2901679
Li Li, Tegawendé F Bissyandé, Damien Octeau, and Jacques Klein. 2016. Droidra: Taming reflection to support whole-program analysis of android apps. In Proceedings of the 25th International Symposium on Software Testing and Analysis. 318-329.
L. Li, T. F. Bissyandé, and J. Klein. 2017. SimiDroid: Identifying and Explaining Similarities in Android Apps. In 2017 IEEE Trustcom/BigDataSE/ICESS. 136-143. https://doi. org/10. 1109/Trustcom/BigDataSE/ICESS. 2017. 230
L. Li, T. F. Bissyandé, J. Klein, and Y. L. Traon. 2016. An Investigation into the Use of Common Libraries in Android Apps. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), Vol. 1. 403-414.
Li Li, Tegawendé F. Bissyandé, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, and Le Traon. 2017. Static analysis of android apps: A systematic literature review. Information and Software Technology 88 (2017), 67-95. https://doi. org/10. 1016/j. infsof. 2017. 04. 001
L. Li, D. Li, T. F. Bissyandé, J. Klein, Y. Le Traon, D. Lo, and L. Cavallaro. 2017. Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting. IEEE Transactions on Information Forensics and Security 12, 6 (2017), 1269-1284. https://doi. org/10. 1109/TIFS. 2017. 2656460
Cheng-Min Lin, Jyh-Horng Lin, Chyi-Ren Dow, and Chang-Ming Wen. 2011. Benchmark dalvik and native code for android system. In 2011 Second International Conference on Innovations in Bio-inspired Computing and Applications. IEEE, 320-323.
Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti. 2011. Detecting environment-sensitive malware. In International Workshop on Recent Advances in Intrusion Detection. Springer, 338-357.
Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor Van Der Veen, and Christian Platzer. 2014. Andrubis-1, 000, 000 apps later: A view on current Android malware behaviors. In 2014 third international workshop on building analysis datasets and gathering experience returns for security (BADGERS). IEEE, 3-17.
Linghui Luo, Eric Bodden, and Johannes Späth. 2019. A Qualitative Analysis of Android Taint-Analysis Results. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). 102-114. https://doi. org/10. 1109/ASE. 2019. 00020
Arvind Mahindru and Paramvir Singh. 2017. Dynamic permissions based android malware detection using machine learning techniques. In Proceedings of the 10th innovations in software engineering conference. 202-210.
Pallavi Maiya, Aditya Kanade, and Rupak Majumdar. 2014. Race detection for Android applications. ACM SIGPLAN Notices 49, 6 (2014), 316-325.
Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doupé, et al. 2017. Deep android malware detection. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. 301-308.
Trend Micro. [n. d. ]. Hacking Team Spying Tool Listens to Calls. https://www. trendmicro. com/en_us/research/15/g/hacking-team-rcsandroidspying-tool-listens-to-calls-roots-devices-to-get-in. html Accessed February 2021.
Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu, and Min Yang. 2018. Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. In NDSS.
Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, and Heng Yin. 2017. Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps. In NDSS.
Dorottya Papp, Levente Buttyán, and Zhendong Ma. 2017. Towards semiautomated detection of trigger-based behavior for software security assurance. In Proceedings of the 12th International Conference on Availability, Reliability and Security. 1-6.
N. Peiravian and X. Zhu. 2013. Machine Learning for Android Malware Detection Using Permission and API Calls. In 2013 IEEE 25th International Conference on Tools with Artificial Intelligence. 300-305. https://doi. org/10. 1109/ICTAI. 2013. 53
Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage against the Virtual Machine: Hindering Dynamic Analysis of Android Malware. In Proceedings of the Seventh European Workshop on System Security (Amsterdam, The Netherlands) (EuroSec '14). Association for Computing Machinery, New York, NY, USA, Article 5, 6 pages. https://doi. org/ 10. 1145/2592791. 2592796
Heloise Pieterse and Martin S Olivier. 2012. Android botnets on the rise: Trends and characteristics. In 2012 information security for South Africa. IEEE, 1-5.
Siegfried Rasthofer, Irfan Asrar, Stephan Huber, and Eric Bodden. 2015. How Current Android Malware Seeks to Evade Automated Code Analysis. In Information Security Theory and Practice, Raja Naeem Akram and Sushil Jajodia (Eds.). Springer International Publishing, Cham, 187-202.
H. G. Rice. 1953. Classes of Recursively Enumerable Sets and Their Decision Problems. Trans. Amer. Math. Soc. 74, 2 (1953), 358-366. http://www. jstor. org/ stable/1990888
Mustafa Hassan Saad, Ahmed Serageldin, and Goda Ismaeel Salama. 2015. Android spyware disease and medication. In 2015 second international conference on information security and cyber forensics (InfoSec). IEEE.
J. Sahs and L. Khan. 2012. A Machine Learning Approach to Android Malware Detection. In 2012 European Intelligence and Security Informatics Conference. 141-147. https://doi. org/10. 1109/EISIC. 2012. 34
Justin Sahs and Latifur Khan. 2012. A machine learning approach to android malware detection. In 2012 European Intelligence and Security Informatics Conference. IEEE, 141-147.
Jordan Samhi and Alexandre Bartel. 2021. On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps. arXiv:2108. 10381 [cs. CR]
J. Samhi, A. Bartel, T. F. Bissyande, and J. Klein. 2021. RAICC: Revealing Atypical Inter-Component Communication in Android Apps. In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). IEEE Computer Society, Los Alamitos, CA, USA, 1398-1409. https://doi. org/10. 1109/ICSE43902. 2021. 00126
Bernhard Schölkopf, John C. Platt, John Shawe-Taylor, Alex J. Smola, and Robert C. Williamson. 2001. Estimating the Support of a High-Dimensional Distribution. Neural Computation 13, 7 (2001), 1443-1471. https://doi. org/10. 1162/ 089976601750264965 arXiv:https://doi. org/10. 1162/089976601750264965
Dawei Shi, Xiucun Tang, and Zhibin Ye. 2017. Detecting environment-sensitive malware based on taint analysis. In 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS). IEEE.
Maddie Stone. [n. d. ]. The Path to the Payload: Android Edition, 2019. https: //cfp. recon. cx/reconmtl2019/talk/TMHQGV/ Accessed December 2020.
Kimberly Tam, Salahuddin J Khan, Aristide Fattori, and Lorenzo Cavallaro. 2015. Copperdroid: Automatic reconstruction of android malware behaviors. In Ndss.
Oguzhan Topgul. [n. d. ]. Android Malware Evasion Techniques-Emulator Detection. https://www. oguzhantopgul. com/2014/12/android-malware-evasiontechniques. html Accessed December 2020.
Virus Total. 2020. Virus total free online virus, malware and url scanner. https: //www. virustotal. com/en
Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 2010. Soot: A Java Bytecode Optimization Framework. In CASCON First Decade High Impact Papers (Toronto, Ontario, Canada) (CASCON '10). IBM Corp., USA, 214-224. https://doi. org/10. 1145/1925805. 1925818
Raja Vallee-Rai and Laurie J Hendren. 1998. Jimple: Simplifying Java bytecode for analyses and transformations.
Victor Van Der Veen, Herbert Bos, and Christian Rossow. 2013. Dynamic analysis of android malware. Internet & Web Technology Master thesis, VU University Amsterdam (2013).
V. N. Vapnik. 1999. An overview of statistical learning theory. IEEE Transactions on Neural Networks 10, 5 (1999), 988-999. https://doi. org/10. 1109/72. 788640
Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. 2014. Amandroid: A Precise and General Inter-Component Data Flow Analysis Framework for Security Vetting of Android Apps. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (Scottsdale, Arizona, USA) (CCS '14). Association for Computing Machinery, New York, NY, USA, 1329-1341. https://doi. org/10. 1145/2660267. 2660357
Huan Xu, Constantine Caramanis, and Shie Mannor. 2009. Robustness and Regularization of Support Vector Machines. Journal of machine learning research 10, 7 (2009).
Lifan Xu, Dongping Zhang, Nuwan Jayasena, and John Cavazos. 2018. HADM: Hybrid Analysis for Detection of Malware. In Proceedings of SAI Intelligent Systems Conference (IntelliSys) 2016, Yaxin Bi, Supriya Kapoor, and Rahul Bhatia (Eds.). Springer International Publishing, Cham, 702-724.
Yinxing Xue, Guozhu Meng, Yang Liu, Tian Huat Tan, Hongxu Chen, Jun Sun, and Jie Zhang. 2017. Auditing anti-malware tools by evolving android malware and dynamic loading technique. IEEE Transactions on Information Forensics and Security 12, 7 (2017), 1529-1544.
Tianda Yang, Yu Yang, Kai Qian, Dan Chia-Tien Lo, Ying Qian, and Lixin Tao. 2015. Automated detection and analysis for android ransomware. In 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems. IEEE, 1338-1343.
Yunqiang Chen, Xiang Sean Zhou, and T. S. Huang. 2001. One-class SVM for learning in image retrieval. In Proceedings 2001 International Conference on Image Processing (Cat. No. 01CH37205), Vol. 1. 34-37 vol. 1. https://doi. org/10. 1109/ICIP. 2001. 958946
Qingchuan Zhao, Chaoshun Zuo, Brendan Dolan-Gavitt, Giancarlo Pellegrino, and Zhiqiang Lin. 2020. Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 1106-1120.
Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, and Wei Zou. 2012. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices.
M. Zheng, M. Sun, and J. C. S. Lui. 2014. DroidTrace: A ptrace based Android dynamic analysis system with forward execution capability. In 2014 International Wireless Communications and Mobile Computing Conference (IWCMC). 128-133. https://doi. org/10. 1109/IWCMC. 2014. 6906344
Wu Zhou, Xinwen Zhang, and Xuxian Jiang. 2013. AppInk: Watermarking Android Apps for Repackaging Deterrence. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (Hangzhou, China) (ASIA CCS '13). Association for Computing Machinery, New York, NY, USA, 1-12. https://doi. org/10. 1145/2484313. 2484315
Yajin Zhou and Xuxian Jiang. 2012. Dissecting android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy. IEEE, 95-109.