File(s) under permanent embargo
URefFlow: a unified android malware detection model based on reflective calls
conference contribution
posted on 2018-01-01, 00:00 authored by C Liu, J Li, M Yu, Gang Li, B Luo, K Chen, J Jiang, W Huang

© 2018 IEEE. In Android malware detection, sensitive data-flows provide more accurate information on an application's behavior than regular features such as signatures and permissions. Currently, Android static taint analysis is widely adopted to identify sensitive data-flows because of its high code coverage and low false negative rate. However, existing static taint analysis tools cannot effectively analyze applications that use the Android reflection mechanism. Reflection can block the control-flows and data-flows of the application: when a call graph is constructed, the call information points directly to the system's reflection processing method rather than to the actual method invoked by the application. This significantly affects the accurate representation of the application's behavior. To address this issue, this paper proposes URefFlow, a unified Android malware detection model based on reflective calls, in which each reflective call statement is replaced by a non-reflective call statement. The parameters of the reflective call are combined into a standard function call, which makes the reflective call explicit. After extracting the complete sensitive data-flows, including those through reflective calls, from an application, we analyze the characteristics of these data-flows to determine whether the application is malicious. Evaluation results on thousands of applications show that URefFlow can achieve an impressive detection accuracy of 95.6% with a false positive rate of 0.8%. In addition, the proposed approach complements existing static taint analysis techniques well.
History
Event: International Performance Computing and Communications. Conference (37th : 2018, Orlando, Florida)
Publisher: IEEE
Location: Orlando, Florida
Place of publication: Piscataway, N.J.
Start date: 2018-11-17
End date: 2018-11-19
ISBN-13: 9781538668085
Language: eng
Publication classification: E1 Full written paper - refereed
Copyright notice: 2018, IEEE
Title of proceedings: IPCCC 2018 : Proceedings of the IEEE 37th International Performance Computing and Communications Conference