Enhancing the accuracy of static analysis for detecting sensitive data leakage in Android by using dynamic analysis

14:40 26/06/2018

One approach of Android security is the analysis for detecting potential information leaks. The current technical analyses (as static analysis, dynamic analysis, hybrid of static and dynamic analysis) only focus on action within a single application, while the coordinated action of several applications for the malicious purpose is becoming popular. This study proposes a hybrid approach that combines static and dynamic analysis to detect information leak as a result of the coordinated action of multiple applications. In this text, we call it inter-application malware. The analysis takes place in two stages. The first stage uses static analysis to indicate the chains of sensitive actions on multiple applications. The second stage validates whether the chain of sensitive actions indeed leaks user’s data by using the dynamic analysis. In fact, the applications in question are forced to execute after the chains of sensitive actions detected in the first stage. The sensitive actions are monitored and analyzed to determine which actions are the causes of information leakage. And we have implemented an analysis tool, named eDSDroid. We have evaluated our tool on the famous Toyapps test case. The test result shows the correctness and effectiveness of our tool.

The diverse landscape of network models, including Software-Defined Networking (SDN), Cloud Computing (C2), and Internet of Things (IoT), is evolving to meet the demands of flexibility and performance. However, these environments face numerous security challenges due to cyber-attack complexity. Traditional defense mechanisms are no longer effective against modern attacks. Therefore,...
As data driven-based Windows malware detectors become increasingly prevalent, the need for robust evaluation and enhancement of adversarial malware generation techniques also becomes imperative, as malicious actors will adapt and enhance their malware to evade detection. There are numerous works that introduce new techniques or enhancements for adversarial malware. One...