Title: | DROIT: Dynamic Alternation of Dual-Level Tainting for Malware Analysis |
Authors: | Wang, Chiwei; Shieh, Shiuhpyng Winston; Department of Computer Science |
Keywords: | mobile security;malware analysis;taint analysis;information flow tracking;binary translation;Android operating system;Dalvik virtual machine |
Issue Date: | 1-Jan-2015 |
Abstract: | Taint analysis for Android malware has received much attention in recent research. Existing taint techniques operate either at the Java object level or at the deeper instruction level. Object-level tracking is suitable for malware written in Java byte-code, but not for native ones. Instruction-level tracking captures the finest data flow. However, it leads to obscure semantic reconstruction and low performance. In this paper, we present DROIT, a taint tracker which dynamically alternates between object-level and instruction-level tracking on demand. DROIT tracks data flow at the Java object level in general. When its Dalvik VM exits the byte-code execution, DROIT automatically switches to instruction-level tracking, and vice versa. The trigger-based DROIT can alternate between the two levels in an efficient manner, and can provide a dual-level whole image of the data flow, rather than fragments. Tracking at the dual levels also eases the semantic reconstruction significantly. The experiment with Android information-stealing trojans showed that DROIT can handle Java-based malware, those composed in native code, and those alternating between the two levels (e.g., DroidKungFu), respectively. |
URI: | http://hdl.handle.net/11536/124237 |
ISSN: | 1016-2364 |
Journal: | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING |
Volume: | 31 |
Start Page: | 111 |
End Page: | 129 |
Appears in Collections: | Articles |