POSTER

Detection of information leaks via reflection in android apps

Jyoti Gajrani, Li Li, Vijay Laxmi, Meenakshi Tripathi, M. S. Gaur, Mauro Conti

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

2 Citations (Scopus)

Abstract

Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

Original languageEnglish
Title of host publicationASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery (ACM)
Pages911-913
Number of pages3
ISBN (Electronic)9781450349444
DOIs
Publication statusPublished - 2 Apr 2017
Externally publishedYes
EventACM Symposium on Information, Computer and Communications Security 2017 - Abu Dhabi, United Arab Emirates
Duration: 2 Apr 20176 Apr 2017
Conference number: 12th

Conference

ConferenceACM Symposium on Information, Computer and Communications Security 2017
Abbreviated titleAsiaCCS 2017
CountryUnited Arab Emirates
CityAbu Dhabi
Period2/04/176/04/17

Keywords

  • Android
  • Dynamic analysis
  • Instrumentation
  • Malware
  • Reflection

Cite this

Gajrani, J., Li, L., Laxmi, V., Tripathi, M., Gaur, M. S., & Conti, M. (2017). POSTER: Detection of information leaks via reflection in android apps. In ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security (pp. 911-913). Association for Computing Machinery (ACM). https://doi.org/10.1145/3052973.3055162
Gajrani, Jyoti ; Li, Li ; Laxmi, Vijay ; Tripathi, Meenakshi ; Gaur, M. S. ; Conti, Mauro. / POSTER : Detection of information leaks via reflection in android apps. ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), 2017. pp. 911-913
@inproceedings{d471e519287d49d68491f96c81e892c3,
title = "POSTER: Detection of information leaks via reflection in android apps",
abstract = "Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.",
keywords = "Android, Dynamic analysis, Instrumentation, Malware, Reflection",
author = "Jyoti Gajrani and Li Li and Vijay Laxmi and Meenakshi Tripathi and Gaur, {M. S.} and Mauro Conti",
year = "2017",
month = "4",
day = "2",
doi = "10.1145/3052973.3055162",
language = "English",
pages = "911--913",
booktitle = "ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery (ACM)",
address = "United States of America",

}

Gajrani, J, Li, L, Laxmi, V, Tripathi, M, Gaur, MS & Conti, M 2017, POSTER: Detection of information leaks via reflection in android apps. in ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 911-913, ACM Symposium on Information, Computer and Communications Security 2017, Abu Dhabi, United Arab Emirates, 2/04/17. https://doi.org/10.1145/3052973.3055162

POSTER : Detection of information leaks via reflection in android apps. / Gajrani, Jyoti; Li, Li; Laxmi, Vijay; Tripathi, Meenakshi; Gaur, M. S.; Conti, Mauro.

ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), 2017. p. 911-913.

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

TY - GEN

T1 - POSTER

T2 - Detection of information leaks via reflection in android apps

AU - Gajrani, Jyoti

AU - Li, Li

AU - Laxmi, Vijay

AU - Tripathi, Meenakshi

AU - Gaur, M. S.

AU - Conti, Mauro

PY - 2017/4/2

Y1 - 2017/4/2

N2 - Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

AB - Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

KW - Android

KW - Dynamic analysis

KW - Instrumentation

KW - Malware

KW - Reflection

UR - http://www.scopus.com/inward/record.url?scp=85022079248&partnerID=8YFLogxK

U2 - 10.1145/3052973.3055162

DO - 10.1145/3052973.3055162

M3 - Conference Paper

SP - 911

EP - 913

BT - ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

ER -

Gajrani J, Li L, Laxmi V, Tripathi M, Gaur MS, Conti M. POSTER: Detection of information leaks via reflection in android apps. In ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM). 2017. p. 911-913 https://doi.org/10.1145/3052973.3055162