Journal of Tsinghua University(Science and Technology)    2014, Vol. 54 Issue (1) : 8-13
Original Article
Control dependency analyses for detecting remote control Android malware
Jingzhe LI, Bin LIANG, Wei YOU, Peng WANG, Wenchang SHI
School of Information, Renmin University of China, Beijing 100872, China
Abstract  

A method is given to detect remote control Android malware using a control dependency analysis based on real-world malware characteristics. The malware is detected using dynamic taint analysis, extended here to handle remote control malware. A static analysis first identifies the control range of the conditional instructions, and static instrumentation is then inserted into the target application to track control dependence. At runtime, the instrumented application checks whether the current sensitive operation depends on tainted data, so users can effectively analyze and detect remote control malware. A prototype system based on the method shows that it effectively detects real remote control malware.
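
The two phases described in the abstract, sketched on a toy instruction list as an added example (not the paper's prototype or its code). The opcodes, the `PROGRAM` sample and the function names are assumptions made here, and a branch's control range is assumed to end at its immediate post-dominator.

```python
PROGRAM = [  # constructed toy bytecode, not from the paper: (op, args...)
    ("recv", "cmd"),                   # 0: cmd = network data (taint source)
    ("const", "num", "10086"),         # 1: constant, untainted
    ("if_ne_goto", "cmd", "sms", 4),   # 2: skip to 4 unless cmd == "sms"
    ("sink", "sendSMS", "num"),        # 3: sensitive call, untainted argument
    ("sink", "log", "num"),            # 4: after the join point
]

def successors(prog, pc):  # len(prog) serves as the exit node
    return {pc + 1, prog[pc][3]} if prog[pc][0] == "if_ne_goto" else {pc + 1}

def join_points(prog):
    """Static phase: map each conditional to its immediate post-dominator."""
    exit_ = len(prog)
    pdom = {n: set(range(exit_ + 1)) for n in range(exit_)}
    pdom[exit_] = {exit_}
    changed = True
    while changed:                     # iterative post-dominator fixpoint
        changed = False
        for n in range(exit_):
            new = {n} | set.intersection(*(pdom[s] for s in successors(prog, n)))
            if new != pdom[n]:
                pdom[n], changed = new, True
    joins = {}
    for b in (i for i, ins in enumerate(prog) if ins[0] == "if_ne_goto"):
        strict = pdom[b] - {b}         # closest strict post-dominator is the join
        joins[b] = next(p for p in strict if pdom[p] == strict)
    return joins

def run(prog, network_input):
    """Runtime phase: list sinks that depend on tainted data."""
    joins = join_points(prog)
    env, tainted, pending, alerts, pc = {}, set(), set(), [], 0
    while pc < len(prog):
        ins, nxt = prog[pc], pc + 1
        pending.discard(pc)            # reaching a join ends that control range
        if ins[0] == "recv":
            env[ins[1]] = network_input
            tainted.add(ins[1])
        elif ins[0] == "const":
            env[ins[1]] = ins[2]       # a write under a tainted branch is tainted
            (tainted.add if pending else tainted.discard)(ins[1])
        elif ins[0] == "if_ne_goto":
            if ins[1] in tainted:      # tainted condition opens a control range
                pending.add(joins[pc])
            nxt = ins[3] if env[ins[1]] != ins[2] else nxt
        elif ins[0] == "sink" and (ins[2] in tainted or pending):
            alerts.append((ins[1], "data" if ins[2] in tainted else "control"))
        pc = nxt
    return alerts
```

The `sendSMS` call takes only a constant, so data-flow taint alone would miss it; it is reported because it executes inside the range of a branch on network data, while `log` after the join is not.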

Keywords: remote control malware; dynamic taint analysis; control dependence
Issue Date: 15 January 2014
Cite this article:   
Jingzhe LI,Bin LIANG,Wei YOU, et al. Control dependency analyses for detecting remote control Android malware[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(1): 8-13.
URL:  
http://jst.tsinghuajournals.com/EN/     OR     http://jst.tsinghuajournals.com/EN/Y2014/V54/I1/8
  
  
  
  
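Sample family    Number of samples    Malicious behavior
Geinimi          7                    Remotely controlled SMS sending
GoldDream        6                    Remotely controlled SMS sending
Anserverbot      2                    Remotely controlled download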
  