標題: | Identifying android malicious repackaged applications by thread-grained system call sequences |
作者: | Lin, Ying-Dar Lai, Yuan-Cheng Chen, Chien-Hung Tsai, Hao-Chuan 資訊工程學系 網路測試中心 Department of Computer Science Network Benchmarking Lab |
關鍵字: | Malicious repackaged applications;Dynamic analysis;System call;Android;Longest common substring |
公開日期: | 1-十一月-2013 |
摘要: | Android security has become highly desirable since adversaries can easily repackage malicious codes into various benign applications and spread these malicious repackaged applications (MRAs). Most MRA detection mechanisms on Android focus on detecting a specific family of MRAs or requiring the original benign application to compare with the malicious ones. This work proposes a new mechanism, SCSdroid (System Call Sequence Droid), which adopts the thread-grained system call sequences activated by applications. The concept is that even if MRAs can be camouflaged as benign applications, their malicious behavior would still appear in the system call sequences. SCSdroid extracts the truly malicious common subsequences from the system call sequence 6 of MRAs belonging to the same family. Therefore, these extracted common subsequences can be used to identify any evaluated application without requiring the original benign application. Experimental results show that SCSdroid falsely detected only two applications among 100 evaluated benign applications, and falsely detected only one application among 49 evaluated malicious applications. As a result, SCSdroid achieved up to 95.97% detection accuracy, i.e., 143 correct detections among 149 applications. (C) 2013 Elsevier Ltd. All rights reserved. |
URI: | http://dx.doi.org/10.1016/j.cose.2013.08.010 http://hdl.handle.net/11536/23460 |
ISSN: | 0167-4048 |
DOI: | 10.1016/j.cose.2013.08.010 |
期刊: | COMPUTERS & SECURITY |
Volume: | 39 |
Issue: | |
起始頁: | 340 |
結束頁: | 350 |
顯示於類別: | 期刊論文 |