DOI: 10.1145/3360664.3360672
research-article

Meizodon: Security Benchmarking Framework for Static Android Malware Detectors

Published: 14 November 2019

Abstract

Many Android applications are uploaded to app stores every day. A relatively small fraction of these applications, or apps, is malware. Several research teams developed tools which automate malware detection for apps, to keep up with the never-ending stream of uploaded apks (Android PacKages). Every tool seemed better than the last, some even claiming accuracy scores well over 90%. However, all of these designs were tested against test sets containing only self-written apks, synthetic malicious apks, or otherwise statistically unsound samples. Many of these tools are open source. We propose Meizodon, a novel framework to install Android static security analysis tools and run them efficiently in a distributed fashion, in equal environments and against a suitable dataset. This allows us to make a fair and statistically sound comparison of the most recent and best known tools, on real, 'practical' malware: malware created by malware creators, not by researchers, and found in the wild. From the results, we conclude that Android static security analysis tools do show great promise to classify apks in practice, but are not quite there yet. We demonstrate that Meizodon allows us to efficiently test analysis tools, and find that the accuracy of tested analysis tools is low (F1 scores are just over 58%), and analysis fails for many apks. Additionally, we investigate why accuracy is low, and why so many analyses result in errors.

Cited By

  • (2024) JNFuzz-Droid: A Lightweight Fuzzing and Taint Analysis Framework for Android Native Code. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 255-266. DOI: 10.1109/SANER60148.2024.00033. Online publication date: 12-Mar-2024
  • (2022) Analyzing Android Taint Analysis Tools: FlowDroid, Amandroid, and DroidSafe. IEEE Transactions on Software Engineering, 48:10, pages 4014-4040. DOI: 10.1109/TSE.2021.3109563. Online publication date: 1-Oct-2022
  • (2020) Inter-Language Static Analysis for Android Application Security. 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE), pages 647-650. DOI: 10.1109/ICISCAE51034.2020.9236807. Online publication date: 27-Sep-2020

    CECC 2019: Proceedings of the Third Central European Cybersecurity Conference
    November 2019
    134 pages
    ISBN:9781450372961
    DOI:10.1145/3360664

    In-Cooperation

    • University of Maribor

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. android
    2. malware detection
    3. security
    4. static analysis

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CECC 2019
    CECC 2019: Central European Cybersecurity Conference
    November 14 - 15, 2019
    Munich, Germany

    Acceptance Rates

    CECC 2019 Paper Acceptance Rate 19 of 35 submissions, 54%;
    Overall Acceptance Rate 38 of 65 submissions, 58%
