Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lin, Ying-Dar | en_US |
dc.contributor.author | Lai, Yuan-Cheng | en_US |
dc.contributor.author | Chen, Chien-Hung | en_US |
dc.contributor.author | Tsai, Hao-Chuan | en_US |
dc.date.accessioned | 2014-12-08T15:34:11Z | - |
dc.date.available | 2014-12-08T15:34:11Z | - |
dc.date.issued | 2013-11-01 | en_US |
dc.identifier.issn | 0167-4048 | en_US |
dc.identifier.uri | http://dx.doi.org/10.1016/j.cose.2013.08.010 | en_US |
dc.identifier.uri | http://hdl.handle.net/11536/23460 | - |
dc.description.abstract | Android security has become highly desirable since adversaries can easily repackage malicious codes into various benign applications and spread these malicious repackaged applications (MRAs). Most MRA detection mechanisms on Android focus on detecting a specific family of MRAs or requiring the original benign application to compare with the malicious ones. This work proposes a new mechanism, SCSdroid (System Call Sequence Droid), which adopts the thread-grained system call sequences activated by applications. The concept is that even if MRAs can be camouflaged as benign applications, their malicious behavior would still appear in the system call sequences. SCSdroid extracts the truly malicious common subsequences from the system call sequences of MRAs belonging to the same family. Therefore, these extracted common subsequences can be used to identify any evaluated application without requiring the original benign application. Experimental results show that SCSdroid falsely detected only two applications among 100 evaluated benign applications, and falsely detected only one application among 49 evaluated malicious applications. As a result, SCSdroid achieved up to 95.97% detection accuracy, i.e., 143 correct detections among 149 applications. (C) 2013 Elsevier Ltd. All rights reserved. | en_US |
dc.language.iso | en_US | en_US |
dc.subject | Malicious repackaged applications | en_US |
dc.subject | Dynamic analysis | en_US |
dc.subject | System call | en_US |
dc.subject | Android | en_US |
dc.subject | Longest common substring | en_US |
dc.title | Identifying android malicious repackaged applications by thread-grained system call sequences | en_US |
dc.type | Article | en_US |
dc.identifier.doi | 10.1016/j.cose.2013.08.010 | en_US |
dc.identifier.journal | COMPUTERS & SECURITY | en_US |
dc.citation.volume | 39 | en_US |
dc.citation.issue | en_US | |
dc.citation.spage | 340 | en_US |
dc.citation.epage | 350 | en_US |
dc.contributor.department | 資訊工程學系 | zh_TW |
dc.contributor.department | 網路測試中心 | zh_TW |
dc.contributor.department | Department of Computer Science | en_US |
dc.contributor.department | Network Benchmarking Lab | en_US |
dc.identifier.wosnumber | WOS:000329007400017 | - |
dc.citation.woscount | 1 | - |
Appears in Collections: | Articles |