Show simple item record

dc.contributor.authorShan, Zhiyong
dc.contributor.authorNeamtiu, Iulian
dc.contributor.authorSamuel, Raina
dc.date.accessioned2019-02-08T03:19:07Z
dc.date.available2019-02-08T03:19:07Z
dc.date.issued2018
dc.identifier.citationZhiyong Shan, Iulian Neamtiu, and Raina Samuel. 2018. Self-Hiding Behavior in Android Apps: Detection and Characterization. In ICSE ’18: ICSE ’18: 40th International Conference on Software Engineering , May 27-June 3, 2018, Gothenburg, Sweden. ACM, New York, NY, USA, 12 pages. https://doi.org/ 10.1145/3180155.3180214en_US
dc.identifier.isbn978-1-4503-5638-1
dc.identifier.otherWOS:000454843300091
dc.identifier.urihttps://doi.org/10.1145/3180155.3180214
dc.identifier.urihttp://hdl.handle.net/10057/15791
dc.descriptionClick on the DOI link to access this article (may not be free.)en_US
dc.description.abstractApplications (apps) that conceal their activities are fundamentally deceptive; app marketplaces and end-users should treat such apps as suspicious. However, due to its nature and intent, activity concealing is not disclosed up-front, which puts users at risk. In this paper, we focus on characterization and detection of such techniques, e.g., hiding the app or removing traces, which we call "self hiding behavior" (SHB). SHB has not been studied per se - rather it has been reported on only as a byproduct of malware investigations. We address this gap via a study and suite of static analyses targeted at SH in Android apps. Specifically, we present (1) a detailed characterization of SHB, (2) a suite of static analyses to detect such behavior, and (3) a set of detectors that employ SHB to distinguish between benign and malicious apps. We show that SHB ranges from hiding the app's presence or activity to covering an app's traces, e.g., by blocking phone calls/text messages or removing calls and messages from logs. Using our static analysis tools on a large dataset of 9,452 Android apps (benign as well as malicious) we expose the frequency of 12 such SH behaviors. Our approach is effective: it has revealed that malicious apps employ 1.5 SHBs per app on average. Surprisingly, SH behavior is also employed by legitimate ("benign") apps, which can affect users negatively in multiple ways. When using our approach for separating malicious from benign apps, our approach has high precision and recall (combined F-measure = 87.19%). Our approach is also efficient, with analysis typically taking just 37 seconds per app. We believe that our findings and analysis tool are beneficial to both app marketplaces and end-users.en_US
dc.description.sponsorshipNational Science Foundation [CNS-1617584]; Army Research Laboratory [W911NF-13-2-0045].en_US
dc.language.isoen_USen_US
dc.publisherAssociation for Computing Machineryen_US
dc.relation.ispartofseries40th ACM/IEEE International Conference on Software Engineering (ICSE);2018
dc.subjectAndroiden_US
dc.subjectStatic analysisen_US
dc.subjectMalwareen_US
dc.subjectMobile securityen_US
dc.titleSelf-hiding behavior in Android apps: detection and characterizationen_US
dc.typeArticleen_US
dc.rights.holder© 2018 Association for Computing Machineryen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record