Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Wang, Chiwei | en_US |
dc.contributor.author | Shieh, Shiuhpyng Winston | en_US |
dc.date.accessioned | 2015-07-21T08:28:54Z | - |
dc.date.available | 2015-07-21T08:28:54Z | - |
dc.date.issued | 2015-01-01 | en_US |
dc.identifier.issn | 1016-2364 | en_US |
dc.identifier.uri | http://hdl.handle.net/11536/124237 | - |
dc.description.abstract | Taint analysis for Android malware has received much attention in recent research. Existing taint techniques operate either at Java object level or at deeper instruction level. Object-level tracking is suitable for malware written in Java byte-code, but not for native ones. Instruction-level tracking captures the finest data flow. However, it leads to obscure semantic reconstruction and low performance. In this paper, we present DROIT, a taint tracker which dynamically alternates between object-level and instruction-level tracking on demand. DROIT tracks data flow at Java object level in general. When its Dalvik VM exits the byte-code execution, DROIT automatically switches to instruction-level tracking, and vice versa. The trigger-based DROIT can alternate between the two levels in an efficient manner, and can provide a dual-level whole image of the data flow, rather than fragments. Tracking at the dual levels also eases the semantic reconstruction significantly. The experiment with Android information-stealing trojans showed that DROIT can handle Java-based malware, those composed in native code, and those alternating between the two levels (e.g., DroidKungFu), respectively. | en_US |
dc.language.iso | en_US | en_US |
dc.subject | mobile security | en_US |
dc.subject | malware analysis | en_US |
dc.subject | taint analysis | en_US |
dc.subject | information flow tracking | en_US |
dc.subject | binary translation | en_US |
dc.subject | Android operating system | en_US |
dc.subject | Dalvik virtual machine | en_US |
dc.title | DROIT: Dynamic Alternation of Dual-Level Tainting for Malware Analysis | en_US |
dc.type | Article | en_US |
dc.identifier.journal | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING | en_US |
dc.citation.volume | 31 | en_US |
dc.citation.spage | 111 | en_US |
dc.citation.epage | 129 | en_US |
dc.contributor.department | 資訊工程學系 | zh_TW |
dc.contributor.department | Department of Computer Science | en_US |
dc.identifier.wosnumber | WOS:000348091300006 | en_US |
dc.citation.woscount | 0 | en_US |
Appears in Collections: | Articles |