On The (In)Effectiveness of Static Logic Bomb Detection for Android Apps
IEEE Transactions on Dependable and Secure Computing (2022)
Abstract
Android is present in more than 85% of mobile devices, making it a prime target for malware. Malicious code is becoming increasingly sophisticated and relies on logic bombs to hide itself from dynamic analysis. In this article, we perform a large-scale study of TSOpen, our open-source implementation of the state-of-the-art static logic bomb scanner TriggerScope, on more than 500k Android applications. Results indicate that the approach scales. Moreover, we investigate the discrepancies and show that the approach can reach a very low false-positive rate, 0.3%, but at a particular cost, e.g., removing 90% of sensitive methods. Therefore, it might not be realistic to rely on such an approach to automatically detect all logic bombs in large datasets. However, it could be used to speed up the location of malicious code, for instance, while reverse engineering applications. We also present TrigDB, a database of 68 Android applications containing trigger-based behavior as a ground-truth to the research community.
Keywords
Logic bombs, trigger analysis, static analysis, Android applications security