POSTER: Detection of information leaks via reflection in Android apps

Jyoti Gajrani; Li Li; Vijay Laxmi; Meenakshi Tripathi; M. S. Gaur; Mauro Conti

doi:10.1145/3052973.3055162

POSTER: Detection of information leaks via reflection in Android apps

Jyoti Gajrani, Li Li, Vijay Laxmi, Meenakshi Tripathi, M. S. Gaur, Mauro Conti

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other

5 Citations (Scopus)

Abstract

Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

Original language	English
Title of host publication	Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
Editors	Ahmad-Reza Sadeghi, Xun Yi
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	911-913
Number of pages	3
ISBN (Electronic)	9781450349444
DOIs	https://doi.org/10.1145/3052973.3055162
Publication status	Published - 2017
Externally published	Yes
Event	ACM Symposium on Information, Computer and Communications Security 2017 - Abu Dhabi, United Arab Emirates Duration: 2 Apr 2017 → 6 Apr 2017 Conference number: 12th https://dl.acm.org/doi/proceedings/10.1145/3052973

Conference

Conference	ACM Symposium on Information, Computer and Communications Security 2017
Abbreviated title	AsiaCCS 2017
Country/Territory	United Arab Emirates
City	Abu Dhabi
Period	2/04/17 → 6/04/17
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3052973

Keywords

Android
Dynamic analysis
Instrumentation
Malware
Reflection

Access to Document

10.1145/3052973.3055162

Cite this

@inproceedings{d471e519287d49d68491f96c81e892c3,

title = "POSTER: Detection of information leaks via reflection in Android apps",

abstract = "Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.",

keywords = "Android, Dynamic analysis, Instrumentation, Malware, Reflection",

author = "Jyoti Gajrani and Li Li and Vijay Laxmi and Meenakshi Tripathi and Gaur, {M. S.} and Mauro Conti",

year = "2017",

doi = "10.1145/3052973.3055162",

language = "English",

pages = "911--913",

editor = "Sadeghi, {Ahmad-Reza } and Yi, {Xun }",

booktitle = "Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

note = "ACM Symposium on Information, Computer and Communications Security 2017, AsiaCCS 2017 ; Conference date: 02-04-2017 Through 06-04-2017",

url = "https://dl.acm.org/doi/proceedings/10.1145/3052973",

}

Gajrani, J, Li, L, Laxmi, V, Tripathi, M, Gaur, MS & Conti, M 2017, POSTER: Detection of information leaks via reflection in Android apps. in A-R Sadeghi & X Yi (eds), Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), New York NY USA, pp. 911-913, ACM Symposium on Information, Computer and Communications Security 2017, Abu Dhabi, United Arab Emirates, 2/04/17. https://doi.org/10.1145/3052973.3055162

POSTER: Detection of information leaks via reflection in Android apps. / Gajrani, Jyoti; Li, Li; Laxmi, Vijay et al.
Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security. ed. / Ahmad-Reza Sadeghi; Xun Yi. New York NY USA: Association for Computing Machinery (ACM), 2017. p. 911-913.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other

TY - GEN

T1 - POSTER

T2 - ACM Symposium on Information, Computer and Communications Security 2017

AU - Gajrani, Jyoti

AU - Li, Li

AU - Laxmi, Vijay

AU - Tripathi, Meenakshi

AU - Gaur, M. S.

AU - Conti, Mauro

N1 - Conference code: 12th

PY - 2017

Y1 - 2017

N2 - Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

AB - Reflection is a language feature which allows to analyze and transform the behavior of classes at the runtime. Reflection is used for software debugging and testing. Malware authors can leverage re ection to subvert the malware de- tection by static analyzers. Re ection initializes the class, invokes any method of class, or accesses any field of class. But, instead of utilizing usual programming language syn- tax, reflection passes classes/methods etc. as parameters to reflective APIs. As a consequence, these parameters can be constructed dynamically or can be encrypted by malware. These cannot be detected by state-of-the-art static tools. We propose EspyDroid, a system that combines dynamic analysis with code instrumentation for a more precise and automated detection of malware employing re ection. Weflevaluate EspyDroid on 28 benchmark apps employing majorflre ection categories. Our technique show improved results over FlowDroid via detection of additional undetected ows. These flows have potential to leak sensitive and private in- formation of the users, through various sinks.

KW - Android

KW - Dynamic analysis

KW - Instrumentation

KW - Malware

KW - Reflection

UR - http://www.scopus.com/inward/record.url?scp=85022079248&partnerID=8YFLogxK

U2 - 10.1145/3052973.3055162

DO - 10.1145/3052973.3055162

M3 - Conference Paper

AN - SCOPUS:85022079248

SP - 911

EP - 913

BT - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security

A2 - Sadeghi, Ahmad-Reza

A2 - Yi, Xun

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 2 April 2017 through 6 April 2017

ER -

POSTER: Detection of information leaks via reflection in Android apps

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this