Differentiating Malicious and Benign Android App Operations Using Second-Step Behavior Features

Security-sensitive operations in Android applications (apps for short) can be either benign or malicious. In this work, we introduce a static program analysis approach that extracts "second-step behavior features", i.e., what was triggered by the security-sensitive operation, to assist app analysis in differentiating between malicious and benign operations. Firstly, we summarized the characteristics of malicious operations, such as spontaneity, independence, stealthiness and continuity, which can be used to distinguish malicious operations from benign ones. Secondly, according to these characteristics, second-step behavior features (SSBFs for short) are presented, including structural features and semantic features. Thirdly, an analysis prototype named SSdroid has been implemented to automatically extract the SSBFs of security-sensitive operations. Finally, experiments on 9285 operations from both benign and malicious apps show that SSBFs are effective and useful. Our evaluation results suggest that second-step behavior can greatly assist in Android malware detection.

Keywords: Android malware; Security-sensitive operations; Static program analysis; Classification

LI Pengwei, FU Jianming, XU Chao, CHENG Binlin, ZHANG Huanguo

School of Information Engineering, Nanjing Audit University, Nanjing 211815, China

School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China

Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, China

College of Computer Science and Technology, Hubei Normal University, Huangshi 435002, China

This work is supported by the National Natural Science Foundation of China (61373168, U1636107, 61802194), the Natural Science Foundation of Hubei Province (2017CFB307), and the Natural Science Foundation in University of Jiangsu Province (17KJB520015).

2019

Chinese Journal of Electronics (English Edition)

Indexed in: CSTPCD, CSCD, SCI, EI
ISSN:1022-4653
Year, volume (issue): 2019, 28(5)