Abstract
The lack of ground truth about malicious behaviors exhibited by current Android malware forces researchers to embark upon a lengthy process of manually analyzing malware instances. In this paper, we propose a method to automatically localize malicious behaviors residing in representations of apps’ runtime behaviors. Our initial evaluation using generated API call traces of Android apps demonstrates the method’s feasibility and applicability.
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Salem, A., Schmidt, T., Pretschner, A. (2018). Idea: Automatic Localization of Malicious Behaviors in Android Malware with Hidden Markov Models. In: Payer, M., Rashid, A., Such, J. (eds) Engineering Secure Software and Systems. ESSoS 2018. Lecture Notes in Computer Science, vol 10953. Springer, Cham. https://doi.org/10.1007/978-3-319-94496-8_8
DOI: https://doi.org/10.1007/978-3-319-94496-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94495-1
Online ISBN: 978-3-319-94496-8
eBook Packages: Computer Science, Computer Science (R0)