LI Pengwei, FU Jianming, XU Chao, CHENG Binlin, ZHANG Huanguo. Differentiating Malicious and Benign Android App Operations Using Second-Step Behavior Features[J]. Chinese Journal of Electronics, 2019, 28(5): 944-952. doi: 10.1049/cje.2019.06.014

Differentiating Malicious and Benign Android App Operations Using Second-Step Behavior Features

doi: 10.1049/cje.2019.06.014
Funds: This work is supported by the National Natural Science Foundation of China (No. 61373168, No. U1636107, No. 61802194), the Natural Science Foundation of Hubei Province (No. 2017CFB307), and the Natural Science Foundation in University of Jiangsu Province (No. 17KJB520015).
More Information
  • Corresponding author: FU Jianming was born in 1969. He received the Ph.D. degree from Wuhan University. He is a professor at Wuhan University. His research interests include software security and network security. (Email: jmfu@whu.edu.cn)
  • Received Date: 2017-09-25
  • Rev Recd Date: 2018-05-03
  • Publish Date: 2019-09-10
  • Security-sensitive operations in Android applications (apps for short) can be either benign or malicious. In this work, we introduce a static program analysis approach that extracts "second-step behavior features", i.e., what is triggered by a security-sensitive operation, to help app analysis differentiate between malicious and benign operations. First, we summarize the characteristics of malicious operations, such as spontaneity, independence, stealthiness and continuity, which can be used to distinguish malicious operations from benign ones. Second, based on these characteristics, we present second-step behavior features (SSBFs for short), comprising structural features and semantic features. Third, we implement an analysis prototype named SSdroid that automatically extracts the SSBFs of security-sensitive operations. Finally, experiments on 9285 operations from both benign and malicious apps show that SSBFs are effective and useful. Our evaluation results suggest that second-step behavior can greatly assist Android malware detection.