TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs

Samhi, Jordan; Bissyande, Tegawendé François D Assise; Klein, Jacques

doi:10.1145/3524842.3528020

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs

Samhi, Jordan; Bissyande, Tegawendé François D Assise; Klein, Jacques

2022 • In 19th International Conference on Mining Software Repositories, Data Showcase, (MSR 2022)

Peer reviewed

Permalink
https://hdl.handle.net/10993/50528

DOI
10.1145/3524842.3528020

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper.pdf

Author preprint (541.53 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Dataset; Android Security; Logic bomb

Abstract :

[en] Many Android apps analyzers rely, among other techniques, on dynamic analysis to monitor their runtime behavior and detect potential security threats. However, malicious developers use subtle, though efficient, techniques to bypass dynamic analyzers. Logic bombs are examples of popular techniques where the malicious code is triggered only under specific circumstances, challenging comprehensive dynamic analyses. The research community has proposed various approaches and tools to detect logic bombs. Unfortunately, rigorous assessment and fair comparison of state-of-the-art techniques are impossible due to the lack of ground truth. In this paper, we present TriggerZoo, a new dataset of 406 Android apps containing logic bombs and benign trigger-based behavior that we release only to the research community using authenticated API. These apps are real-world apps from Google Play that have been automatically infected by our tool AndroBomb. The injected pieces of code implementing the logic bombs cover a large pallet of realistic logic bomb types that we have manually characterized from a set of real logic bombs. Researchers can exploit this dataset as ground truth to assess their approaches and provide comparisons against other tools.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)

Disciplines :

Computer science

Author, co-author :

Samhi, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Bissyande, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

Language :

English

Title :

TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs

Publication date :

23 May 2022

Event name :

19th International Conference on Mining Software Repositories, Data Showcase, (MSR 2022)

Event place :

Pittsburgh, United States

Event date :

From 23/05/2022 to 24/05/2022

Audience :

International

Main work title :

19th International Conference on Mining Software Repositories, Data Showcase, (MSR 2022)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://www.computer.org/csdl/proceedings-article/msr/2022/930300a459/1Eo6084ojde

FnR Project :

FNR14596679 - Dissecting Android Applications Using Static Analysis, 2020 (01/03/2020-31/10/2023) - Jordan Samhi

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 09 March 2022

Statistics

Number of views

198 (21 by Unilu)

Number of downloads

70 (5 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. 2016. AndroZoo: Collecting Millions of Android Apps for the Research Community. In Proceedings of the 13th International Conference on Mining Software Repositories (Austin, Texas) (MSR '16). ACM, New York, NY, USA, 468-471. https://doi.org/10.1145/2901739.2903508
Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2013. Instrumenting Android and Java Applications as Easy as abc, Vol. 8174. 364-381. https://doi.org/10.1007/978-3-642-40787-1_26
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise Context, Flow, Field, Object-Sensitive and Lifecycle-Aware Taint Analysis for Android Apps. SIGPLAN Not. 49, 6 (June 2014), 259-269. https://doi.org/10.1145/2666356.2594299
Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: Analyzing the Android Permission Specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (Raleigh, North Carolina, USA) (CCS '12). Association for Computing Machinery, New York, NY, USA, 217-228. https://doi.org/10.1145/2382196.2382222
Harel Berger, Chen Hajaj, and Amit Dvir. 2020. Evasion Is Not Enough: A Case Study of Android Malware. In Cyber Security Cryptography and Machine Learning, Shlomi Dolev, Vladimir Kolesnikov, Sachin Lodha, and GeraWeiss (Eds.). Springer International Publishing, Cham, 167-174.
David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically identifying trigger-based behavior in malware. In Botnet Detection. Springer, 65-88.
M. Choudhary and B. Kishore. 2018. HAAMD: Hybrid Analysis for Android Malware Detection. In 2018 International Conference on Computer Communication and Informatics (ICCCI). 1-4. https://doi.org/10.1109/ICCCI.2018.8441295
Nadia Daoudi, Jordan Samhi, Abdoul Kader Kabore, Kevin Allix, Tegawendé F. Bissyandé, and Jacques Klein. 2021. DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection Based on Image Representation of Bytecode. In Deployable Machine Learning for Security Defense, Gang Wang, Arridhana Ciptadi, and Ali Ahmadzadeh (Eds.). Springer International Publishing, Cham, 81-106.
Shuaike Dong, Menghao Li, Wenrui Diao, Xiangyu Liu, Jian Liu, Zhou Li, Fenghao Xu, Kai Chen, XiaoFengWang, and Kehuan Zhang. 2018. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. In Security and Privacy in Communication Networks, Raheem Beyah, Bing Chang, Yingjiu Li, and Sencun Zhu (Eds.). Springer International Publishing, Cham, 172-192.
Ming Fan, Le Yu, Sen Chen, Hao Zhou, Xiapu Luo, Shuyue Li, Yang Liu, Jun Liu, and Ting Liu. 2020. An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps. In ISSRE. 253-264. https://doi.org/10.1109/ISSRE5003. 2020.00032
H. Fereidooni, M. Conti, D. Yao, and A. Sperduti. 2016. ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications. In 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 1-5. https://doi.org/10.1109/NTMS.2016.7792435
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, and G. Vigna. 2016. TriggerScope: Towards Detecting Logic Bombs in Android Applications. In 2016 IEEE Symposium on Security and Privacy (SP). 377-396. https://doi.org/10.1109/SP.2016.30
Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2016. Triggerscope: Towards detecting logic bombs in android applications. In 2016 IEEE symposium on security and privacy (SP). IEEE, 377-396.
Google. 2021. Sign your app. https://developer.android.com/studio/publish/appsigning
Google. 2021. Zipalign. https://developer.android.com/studio/command-line/zipalign
Google. 2022. Android NDK. https://developer.android.com/ndk
IDC. [n.d.]. Smartphone Market Share, https://www.idc.com/promo/smartphonemarket- share/os. Accessed January 2022.
Hyunjae Kang, Jaewook Jang, Aziz Mohaisen, and Huy Kang Kim. 2015. Detecting and Classifying Android Malware Using Static Analysis along with Creator Information. International Journal of Distributed Sensor Networks 11, 6 (2015), 479174. https://doi.org/10.1155/2015/479174 arXiv:https://doi.org/10.1155/2015/479174
Ondrej Lhoták. 2003. Spark: A flexible points-to analysis framework for Java. (2003).
Wen Li, Xiaoqin Fu, and Haipeng Cai. 2021. AndroCT: Ten Years of App Call Traces in Android. In 2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR). 570-574. https://doi.org/10.1109/MSR52588.2021. 00076
Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang, Suleiman Yerima, Paul Miller, Sakir Sezer, Yeganeh Safaei, Erik Trickel, Ziming Zhao, Adam Doupé, and Gail Joon Ahn. 2017. Deep Android Malware Detection. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (Scottsdale, Arizona, USA) (CODASPY '17). Association for Computing Machinery, New York, NY, USA, 301-308. https://doi.org/10.1145/3029806.3029823
Sebastian Nielebock, Paul Blockhaus, Jacob Krüger, and Frank Ortmeier. 2021. AndroidCompass: A Dataset of Android Compatibility Checks in Code Repositories. In 2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR). 535-539. https://doi.org/10.1109/MSR52588.2021.00069
Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, and Heng Yin. 2017. Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps.. In NDSS.
N. Peiravian and X. Zhu. 2013. Machine Learning for Android Malware Detection Using Permission and API Calls. In 2013 IEEE 25th International Conference on Tools with Artificial Intelligence. 300-305. https://doi.org/10.1109/ICTAI.2013.53
Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage against the Virtual Machine: Hindering Dynamic Analysis of Android Malware. In Proceedings of the Seventh European Workshop on System Security (Amsterdam, The Netherlands) (EuroSec '14). Association for Computing Machinery, New York, NY, USA, Article 5, 6 pages. https://doi.org/10.1145/2592791.2592796
J. Sahs and L. Khan. 2012. A Machine Learning Approach to Android Malware Detection. In 2012 European Intelligence and Security Informatics Conference. 141-147. https://doi.org/10.1109/EISIC.2012.34
J. Samhi and A. Bartel. 2021. On The (In)Effectiveness of Static Logic Bomb Detector for Android Apps. IEEE Transactions on Dependable and Secure Computing 01 (aug 2021), 1-1. https://doi.org/10.1109/TDSC.2021.3108057
J. Samhi, J. Gao, N. Daoudi, P. Graux, H. Hoyez, X. Sun, K. Allix, T. F. Bissyande, and J. Klein. 2022. JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis. In 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). Association for Computing Machinery. https://doi.org/10.1145/3510003.3512766
J. Samhi, L. Li, T. F. Bissyande, and J. Klein. 2022. Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps. In 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). Association for Computing Machinery. https://doi.org/10.1145/3510003.3510135
Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 2010. Soot: A Java Bytecode Optimization Framework. In CASCON First Decade High Impact Papers (Toronto, Ontario, Canada) (CASCON '10). IBM Corp., USA, 214-224. https://doi.org/10.1145/1925805.1925818
Raja Vallee-Rai and Laurie J Hendren. 1998. Jimple: Simplifying Java bytecode for analyses and transformations. (1998).
Victor Van Der Veen, Herbert Bos, and Christian Rossow. 2013. Dynamic analysis of android malware. Internet & Web Technology Master thesis, VU University Amsterdam (2013).
Tyler Wendland, Jingyang Sun, Junayed Mahmud, S. M. Hasan Mansur, Steven Huang, Kevin Moran, Julia Rubin, and Mattia Fazzini. 2021. Andror2: A Dataset of Manually-Reproduced Bug Reports for Android apps. In 2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR). 600-604. https://doi.org/10.1109/MSR52588.2021.00082
Lifan Xu, Dongping Zhang, Nuwan Jayasena, and John Cavazos. 2018. HADM: Hybrid Analysis for Detection of Malware. In Proceedings of SAI Intelligent Systems Conference (IntelliSys) 2016, Yaxin Bi, Supriya Kapoor, and Rahul Bhatia (Eds.). Springer International Publishing, Cham, 702-724.
Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, and Wei Zou. 2012. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices.