Automatically Locating Malicious
Packages in Piggybacked Android Apps
Li LI, SnT, University of Luxembourg
Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein,
Haipeng Cai, David Lo, and Yves le Traon

Android ?

Motivation
Global smartphone sales (in millions)

Motivation
Explosion of Apps on Google Play

Motivation
2016 Symantec Internet Security Threat Report: Explosion of Malware

Goal: Locating Malicious Payloads
[Diagram labels: Piggybacked App, Original App, Malicious Payload]

Piggybacked Malicious Apps
[Diagram labels: Carrier, Rider, Hook]
Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, scalable
detection of “piggybacked” mobile applications. In CODASPY ’13, pages 185–196,
New York, NY, USA, 2013

Piggybacked Malicious Apps
[Diagram labels: Piggybacked App, Original Counterpart, Malicious Diff]
Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon,
David Lo and Lorenzo Cavallaro, Understanding Android App
Piggybacking, The 39th International Conference on Software Engineering,
Poster Track (ICSE), 2017. Full paper appears in IEEE TIFS journal, 2017

Piggybacked Malicious Apps
[Diagram labels: Piggybacked App, Malicious Diff]
When the Original Counterpart is Unknown?

HookRanker
[Figure: Package Dependence Graph (PDGraph) with weighted edges; node labels: com.umeng.common, com.umeng.xp, com.unity3d.player, com.gamegod, org.fmod, com.umeng.analytics, com.mobile.co, com.ah.mfcom.android.kode_p]
The objective of HookRanker is to build a ranked list of the
packages based on a likelihood score that a package is the entry
point of the malicious payloads.

HookRanker
[Figure: the same PDGraph, annotated with Carrier and Rider labels]

HookRanker
Metrics:
- Weighted indegree (w1)
- Unweighted indegree (w2)
- Maximum shortest path (w3)
- Energy (w4)
Constraints:
- No closed walk
- Limited clustering coefficient
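
The following is an added example, not HookRanker's code and not taken from the slides: it builds a package dependence graph from a constructed list of class-level calls, computes the weighted (w1) and unweighted (w2) indegree of each package, and applies the "no closed walk" constraint. The deck does not give the scoring formula, so the ordering used here (packages with the least inbound coupling first, packages on a closed walk excluded) is an assumption, and all package and class names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed call edges (caller class, callee class); all names are hypothetical.
CALLS = (
    [("com.example.game.Main", "com.example.game.ui.Menu")] * 2
    + [("com.example.game.ui.Menu", "com.example.game.Main")]        # UI callback
    + [("com.example.game.Main", "com.example.engine.Player")] * 3
    + [("com.example.game.ui.Menu", "com.example.engine.Player")] * 2
    + [("com.example.game.Main", "com.example.analytics.Tracker")] * 2
    + [("com.example.game.ui.Menu", "com.example.analytics.Tracker")]
    + [("com.example.engine.Player", "com.example.analytics.Tracker")]
    + [("com.example.game.Main", "com.example.rider.core.Loader")]   # single hook call
    + [("com.example.rider.core.Loader", "com.example.rider.net.Fetcher")] * 3
)


def package_of(class_name):
    """Package of a fully qualified class name."""
    return class_name.rsplit(".", 1)[0]


def build_pdgraph(calls):
    """Return {(src_pkg, dst_pkg): number of cross-package calls}."""
    edges = defaultdict(int)
    for caller, callee in calls:
        src, dst = package_of(caller), package_of(callee)
        if src != dst:                      # intra-package calls are not edges
            edges[(src, dst)] += 1
    return dict(edges)


def indegrees(edges):
    """Weighted indegree (total inbound calls) and unweighted indegree
    (number of distinct calling packages) for every called package."""
    weighted, unweighted = defaultdict(int), defaultdict(int)
    for (_, dst), weight in edges.items():
        weighted[dst] += weight
        unweighted[dst] += 1
    return weighted, unweighted


def on_closed_walk(edges, pkg):
    """True if following dependence edges from pkg can lead back to pkg."""
    succ = defaultdict(set)
    for src, dst in edges:
        succ[src].add(dst)
    seen, queue = set(), deque(succ[pkg])
    while queue:
        node = queue.popleft()
        if node == pkg:
            return True
        if node not in seen:
            seen.add(node)
            queue.extend(succ[node])
    return False


def rank_candidates(calls):
    """Rank packages as candidate entry points of grafted code.

    Assumption of this example: a candidate is called from elsewhere
    (indegree >= 1), is not on a closed walk, and ranks higher the
    lower its weighted, then unweighted, indegree.
    """
    edges = build_pdgraph(calls)
    weighted, unweighted = indegrees(edges)
    rows = [
        (pkg, weighted[pkg], unweighted[pkg])
        for pkg in weighted
        if not on_closed_walk(edges, pkg)
    ]
    return sorted(rows, key=lambda r: (r[1], r[2], r[0]))


if __name__ == "__main__":
    for rank, (pkg, w1, w2) in enumerate(rank_candidates(CALLS), start=1):
        print(f"{rank}. {pkg}  w1={w1}  w2={w2}")
```

On this constructed graph the mutually dependent carrier packages are filtered out by the closed-walk check, and the package reached through the single hook call is ranked first.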

Evaluation
- RQ1: Can we identify hooks? If so, what is the hook distribution?
- RQ2: Are our proposed metrics capable of locating hooks in piggybacked Android apps? If so, what is the accuracy?
Experimental Setup: 500 known piggybacked app pairs
Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, David
Lo and Lorenzo Cavallaro, Understanding Android App Piggybacking: A
Systematic Study of Malicious Code Grafting, IEEE Transactions on Information
Forensics & Security (TIFS), 2017

RQ1: Hook Distribution
[Figure: plot with axis "The Number of Hooks"]
341 out of 500 piggybacked malicious apps contain hooks
RQ2: Hook Identification
Overall, HookRanker yields an accuracy@5 of 83.6%
Conclusion
Li Li
Luxembourg
li.li@uni.lu
http://lilicoding.github.io
- We propose an automated approach for locating hooks (i.e., code that switches the execution context from benign to malicious code) within piggybacked malicious apps.
- We present a tool called HookRanker to automatically recommend potential malicious packages.

Piggybacked Malicious Apps
[Diagram labels: Set of Android Apps, Set of Piggybacked Apps, Set of Malware, original app (a1), piggybacked app (a2), Carrier, Rider, Hook]
Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, scalable
detection of “piggybacked” mobile applications. In CODASPY ’13, pages 185–196,
New York, NY, USA, 2013

 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 

Automatically Locating Malicious Packages in Piggybacked Android Apps

  • 1. Automatically Locating Malicious Packages in Piggybacked Android Apps. Li LI, SnT, University of Luxembourg; Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Haipeng Cai, David Lo, and Yves le Traon
  • 3. Motivation: Global smartphone sales (in millions)
  • 4. Motivation: Explosion of Apps on Google Play
  • 5. Motivation: Explosion of Malware (2016 Symantec Internet Security Threat Report)
  • 6. Goal: Locating Malicious Payloads
  • 7. Goal: Locating Malicious Payloads. Piggybacked Malicious Apps. [Figure labels: Piggybacked App, Original App, Malicious Payload, Carrier, Rider, Hook] Reference: Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, scalable detection of “piggybacked” mobile applications. In CODASPY ’13, pages 185–196, New York, NY, USA, 2013
  • 8. Piggybacked Malicious Apps. [Figure labels: Piggybacked App, Original Counterpart, Malicious Diff] Reference: Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, David Lo and Lorenzo Cavallaro, Understanding Android App Piggybacking, The 39th International Conference on Software Engineering, Poster Track (ICSE), 2017. Full paper appears in the IEEE TIFS journal, 2017
  • 9. Piggybacked Malicious Apps. [Figure labels: Piggybacked App, Malicious Diff] What if the Original Counterpart is Unknown?
  • 10. HookRanker. [Figure: Package Dependence Graph (PDGraph) with numeric edge labels; nodes: com.umeng.common, com.umeng.xp, com.unity3d.player, com.gamegod, org.fmod, com.umeng.analytics, com.mobile.co, com.ah.mfcom.android.kode_p] The objective of HookRanker is to build a ranked list of the packages based on a likelihood score that a package is the entry point of the malicious payloads.
  • 11. HookRanker. [Figure: the same Package Dependence Graph, with its packages labelled Carrier and Rider]
  • 12. HookRanker. Metrics: weighted indegree (w1); unweighted indegree (w2); maximum shortest path (w3); energy (w4). Constraints: no closed walk; limited clustering coefficient.
  • 13. Evaluation. RQ1: Can we identify hooks? If so, what is the hook distribution? RQ2: Are our proposed metrics capable of locating hooks in piggybacked Android apps? If so, what is the accuracy? Experimental Setup: 500 known piggybacked app pairs. Reference: Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, David Lo and Lorenzo Cavallaro, Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting, IEEE Transactions on Information Forensics & Security (TIFS), 2017
  • 14. RQ1: Hook Distribution. [Figure: distribution of the number of hooks; axis: The Number of Hooks] 341 out of 500 piggybacked malicious apps contain hooks.
  • 15. Evaluation. RQ1: Can we identify hooks? If so, what is the hook distribution? RQ2: Are our proposed metrics capable of locating hooks in piggybacked Android apps? If so, what is the accuracy? Experimental Setup: 500 known piggybacked app pairs. Reference: Li Li, Daoyuan Li, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, David Lo and Lorenzo Cavallaro, Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting, IEEE Transactions on Information Forensics & Security (TIFS), 2017
  • 16. RQ2: Hook Identification. Overall, HookRanker yields an accuracy@5 of 83.6%.
  • 17. Conclusion. We propose an automated approach for locating hooks (i.e., code that switches the execution context from benign to malicious code) within piggybacked malicious apps. We present a tool called HookRanker to automatically recommend potential malicious packages. Contact: Li Li, Luxembourg, li.li@uni.lu, http://lilicoding.github.io
  • 18. Piggybacked Malicious Apps. [Figure labels: Set of Android Apps, Set of Piggybacked Apps, Set of Malware, original APP (a1), piggybacked APP (a2), Carrier, Rider, Hook] Reference: Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, scalable detection of “piggybacked” mobile applications. In CODASPY ’13, pages 185–196, New York, NY, USA, 2013