Automatically locating malicious packages in piggybacked android apps

Li Li, Daoyuan Li, Tegawende F. Bissyande, Jacques Klein, Haipeng Cai, David Lo, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

9 Citations (Scopus)


To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth set of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy of 83.6% in verifying the top five reported items.

Original languageEnglish
Title of host publicationProceedings
Subtitle of host publication2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems - MOBILESoft 2017
EditorsJohn Grundy, William G.J. Halfond
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages5
ISBN (Print)9781538626696
Publication statusPublished - 7 Jul 2017
Externally publishedYes
EventIEEE/ACM International Conference on Mobile Software Engineering and Systems 2017 - Buenos Aires, Argentina
Duration: 22 May 201723 May 2017
Conference number: 4th


ConferenceIEEE/ACM International Conference on Mobile Software Engineering and Systems 2017
Abbreviated titleMOBILESoft 2017
CityBuenos Aires
Internet address

Cite this