Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Mining specifications of malicious behavior
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Behavioral detection of malware on mobile handsets
Proceedings of the 6th international conference on Mobile systems, applications, and services
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Understanding Android Security
IEEE Security and Privacy
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Botnet Command and Control Mechanisms
ICCEE '09 Proceedings of the 2009 Second International Conference on Computer and Electrical Engineering - Volume 01
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A forced sampled execution approach to kernel rootkit identification
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Identifying Dormant Functionality in Malware Programs
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Proceedings of the 17th ACM conference on Computer and communications security
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
The effectiveness of application permissions
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
A survey of mobile malware in the wild
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Crowdroid: behavior-based malware detection system for Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
Unsafe exposure analysis of mobile in-app advertisements
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
RiskRanker: scalable and accurate zero-day android malware detection
Proceedings of the 10th international conference on Mobile systems, applications, and services
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Shadow attacks: automatically evading system-call-behavior based malware detection
Journal in Computer Virology
A quantitative study of accuracy in system call-based malware detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
ProfileDroid: multi-layer profiling of android applications
Proceedings of the 18th annual international conference on Mobile computing and networking
Security'12 Proceedings of the 21st USENIX conference on Security symposium
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
PScout: analyzing the Android permission specification
Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Using probabilistic generative models for ranking risks of Android apps
Proceedings of the 2012 ACM conference on Computer and communications security
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
AppsPlayground: automatic security analysis of smartphone applications
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the third ACM conference on Data and application security and privacy
MAST: triage for market-scale mobile malware analysis
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Mining Permission Request Patterns from Android and Facebook Applications
ICDM '12 Proceedings of the 2012 IEEE 12th International Conference on Data Mining
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
AppIntent: analyzing sensitive data transmission in android for privacy leakage detection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Android platform adopts permissions to protect sensitive resources from untrusted apps. However, after permissions are granted by users at install time, apps could use these permissions (sensitive resources) with no further restrictions. Thus, recent years have witnessed the explosion of undesirable behaviors in Android apps. An important part in the defense is the accurate analysis of Android apps. However, traditional syscall-based analysis techniques are not well-suited for Android, because they could not capture critical interactions between the application and the Android system. This paper presents VetDroid, a dynamic analysis platform for reconstructing sensitive behaviors in Android apps from a novel permission use perspective. VetDroid features a systematic framework to effectively construct permission use behaviors, i.e., how applications use permissions to access (sensitive) system resources, and how these acquired permission-sensitive resources are further utilized by the application. With permission use behaviors, security analysts can easily examine the internal sensitive behaviors of an app. Using real-world Android malware, we show that VetDroid can clearly reconstruct fine-grained malicious behaviors to ease malware analysis. We further apply VetDroid to 1,249 top free apps in Google Play. VetDroid can assist in finding more information leaks than TaintDroid, a state-of-the-art technique. In addition, we show how we can use VetDroid to analyze fine-grained causes of information leaks that TaintDroid cannot reveal. Finally, we show that VetDroid can help identify subtle vulnerabilities in some (top free) applications otherwise hard to detect.