Advances in Information and Computer Security

Malware has threatened Android security for a long time. One of the main sources of Android malware is repackaged malware: attackers inject malicious payloads into legitimate apps and then republish them. In this paper, we propose a new dynamic approach to analyze and detect the behaviors of Android repackaged malware. Our approach mainly concerns the framework-level behaviors of apps, which carry rich semantics, and a special execution sandbox is first constructed to extract them. Then, assuming that malicious payloads are usually triggered by certain events, we reconstruct the execution dependency graph to distinguish the different event behaviors of malware. Thus, based on the independent event behavior sequences, only a small number of malware samples from the same family are required to accurately compare and locate their common behaviors, which can then be used as signatures to detect other suspicious Android apps or to analyze malware’s activities. For evaluation, we have implemented a prototype system, and 9 families of real-world repackaged malware are detected in our experiments. Although only 3 samples from each family are randomly chosen to extract their common malware behaviors, the results show that our approach still has a high detection accuracy (96.3%). In addition, some attacks such as code encryption and delay attacks are also studied in this work.
