Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Defining and Detecting Environment Discrimination in Android Apps

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_26,
        author={Yunfeng Hong and Yongjian Hu and Chun-Ming Lai and S. Felix Wu and Iulian Neamtiu and Patrick McDaniel and Paul Yu and Hasan Cam and Gail-Joon Ahn},
        title={Defining and Detecting Environment Discrimination in Android Apps},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Android, Malware detection, Environment discrimination},
        doi={10.1007/978-3-319-78813-5_26}
    }
    
  • Yunfeng Hong
    Yongjian Hu
    Chun-Ming Lai
    S. Felix Wu
    Iulian Neamtiu
    Patrick McDaniel
    Paul Yu
    Hasan Cam
    Gail-Joon Ahn
    Year: 2018
    Defining and Detecting Environment Discrimination in Android Apps
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_26
Yunfeng Hong1,*, Yongjian Hu1,*, Chun-Ming Lai1,*, S. Felix Wu1,*, Iulian Neamtiu2,*, Patrick McDaniel3,*, Paul Yu4,*, Hasan Cam4,*, Gail-Joon Ahn5,*
  • 1: University of California
  • 2: New Jersey Institute of Technology
  • 3: Pennsylvania State University
  • 4: U.S. Army Research Laboratory
  • 5: Arizona State University
*Contact email: yfhong@ucdavis.edu, yhu009@cs.ucr.edu, cmlai@ucdavis.edu, sfwu@ucdavis.edu, iulian.neamtiu@njit.edu, mcdaniel@cse.psu.edu, paul.l.yu.civ@mail.mil, hasan.cam.civ@mail.mil, Gail-Joon.Ahn@asu.edu

Abstract

Environment discrimination—a program behaving differently on different platforms—is used in many contexts. For example, malware can use environment discrimination to thwart detection attempts: because malware detectors employ automated dynamic analysis, running the potentially malicious program in a virtualized environment, the malware author can make the program aware of virtual environments so that it turns off its nefarious behavior when running in one. Therefore, an approach for detecting environment discrimination can help security researchers and practitioners better understand the behavior of, and consequently counter, malware. In this paper we formally define environment discrimination and propose an approach based on abstract traces and symbolic execution to detect discrimination in Android apps. Furthermore, our approach discovers which API calls expose environment information to malware, a valuable reference for virtualization developers seeking to improve their products. We also apply our approach to real malware and to benchmark apps designed by third-party researchers. The results show that the algorithm and framework we propose achieve 97% accuracy.