Automatically locating malicious packages in piggybacked android apps

Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding > Conference Paper > Research

Abstract

To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy of 83.6% in verifying the top five reported items.

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems - MOBILESoft 2017
Editors: John Grundy, William G.J. Halfond
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 170-174
Number of pages: 5
ISBN (Print): 9781538626696
DOIs: https://doi.org/10.1109/MOBILESoft.2017.6
Publication status: Published - 7 Jul 2017
Externally published: Yes
Event: IEEE/ACM International Conference on Mobile Software Engineering and Systems 2017 - Buenos Aires, Argentina
Duration: 22 May 2017 - 23 May 2017
Conference number: 4th
http://mobilesoftconf.org/2017/

Conference

Conference: IEEE/ACM International Conference on Mobile Software Engineering and Systems 2017
Abbreviated title: MOBILESoft 2017
Country: Argentina
City: Buenos Aires
Period: 22/05/17 - 23/05/17
Internet address

Cite this

Li, L., Li, D., Bissyande, T. F., Klein, J., Cai, H., Lo, D., & Le Traon, Y. (2017). Automatically locating malicious packages in piggybacked android apps. In J. Grundy, & W. G. J. Halfond (Eds.), Proceedings: 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems - MOBILESoft 2017 (pp. 170-174). [7972732] Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/MOBILESoft.2017.6