Droidrevealer: Automatically detecting Mysterious Codes in Android applications
| Title | Droidrevealer: Automatically detecting Mysterious Codes in Android applications |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Zhang, X., Cao, Y., Yang, M., Wu, J., Luo, T., Liu, Y. |
| Conference Name | 2017 IEEE Conference on Dependable and Secure Computing |
| Date Published | Aug. 2017 |
| Publisher | IEEE |
| ISBN Number | 978-1-5090-5569-2 |
| Keywords | android, Android (operating system), android encryption, Android malware, Androids, Decode, Decrypt, Droidrevealer, Encryption, Human Behavior, human factors, Humanoid robots, invasive software, Libraries, malicious code snippets, Malware, malware detection, Metrics, Mysterious Codes, pubcrawl, resilience, Resiliency, Scalability, Sensitive Behavior, smart phones, undetectable codes |
| Abstract | The state-of-the-art Android malware often encrypts or encodes malicious code snippets to evade malware detection. In this paper, such undetectable codes are called Mysterious Codes. To make such codes detectable, we design a system called Droidrevealer to automatically identify Mysterious Codes and then decode or decrypt them. The prototype of Droidrevealer is implemented and evaluated with 5,600 malwares. The results show that 257 samples contain the Mysterious Codes and 11,367 items are exposed. Furthermore, several sensitive behaviors hidden in the Mysterious Codes are disclosed by Droidrevealer. |
| URL | http://ieeexplore.ieee.org/document/8073885/ |
| DOI | 10.1109/DESEC.2017.8073885 |
| Citation Key | zhang_droidrevealer:_2017 |
- Libraries
- undetectable codes
- smart phones
- Sensitive Behavior
- Scalability
- Resiliency
- resilience
- pubcrawl
- Mysterious Codes
- Metrics
- malware detection
- malware
- malicious code snippets
- android
- invasive software
- Humanoid robots
- Human Factors
- Human behavior
- encryption
- Droidrevealer
- Decrypt
- Decode
- Androids
- Android malware
- android encryption
- Android (operating system)