標題: Identifying android malicious repackaged applications by thread-grained system call sequences
作者: Lin, Ying-Dar
Lai, Yuan-Cheng
Chen, Chien-Hung
Tsai, Hao-Chuan
資訊工程學系
網路測試中心
Department of Computer Science
Network Benchmarking Lab
關鍵字: Malicious repackaged applications;Dynamic analysis;System call;Android;Longest common substring
公開日期: 1-Nov-2013
摘要: Android security has become highly desirable since adversaries can easily repackage malicious codes into various benign applications and spread these malicious repackaged applications (MRAs). Most MRA detection mechanisms on Android focus on detecting a specific family of MRAs or requiring the original benign application to compare with the malicious ones. This work proposes a new mechanism, SCSdroid (System Call Sequence Droid), which adopts the thread-grained system call sequences activated by applications. The concept is that even if MRAs can be camouflaged as benign applications, their malicious behavior would still appear in the system call sequences. SCSdroid extracts the truly malicious common subsequences from the system call sequence 6 of MRAs belonging to the same family. Therefore, these extracted common subsequences can be used to identify any evaluated application without requiring the original benign application. Experimental results show that SCSdroid falsely detected only two applications among 100 evaluated benign applications, and falsely detected only one application among 49 evaluated malicious applications. As a result, SCSdroid achieved up to 95.97% detection accuracy, i.e., 143 correct detections among 149 applications. (C) 2013 Elsevier Ltd. All rights reserved.
URI: http://dx.doi.org/10.1016/j.cose.2013.08.010
http://hdl.handle.net/11536/23460
ISSN: 0167-4048
DOI: 10.1016/j.cose.2013.08.010
期刊: COMPUTERS & SECURITY
Volume: 39
Issue: 
起始頁: 340
結束頁: 350
Appears in Collections:Articles


Files in This Item:

  1. 000329007400017.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.