Login | Register

Leveraging the Use of API Call Traces for Mobile Security


Leveraging the Use of API Call Traces for Mobile Security

Khanmohammadi, Kobra (2019) Leveraging the Use of API Call Traces for Mobile Security. PhD thesis, Concordia University.

[thumbnail of Khanmohammadi_PhD_S2020.pdf]
Text (application/pdf)
Khanmohammadi_PhD_S2020.pdf - Accepted Version
Available under License Spectrum Terms of Access.


The growing popularity of Android applications has generated increased concerns over the danger of piracy and the spread of malware. A popular way to distribute malware in the mobile world is through the repackaging of legitimate apps. This process consists of downloading, unpacking, manipulating, recompiling an application, and publishing it again in an app store. In this thesis, we conduct an empirical study of over 15,000 apps to gain insights into the factors that drive the spread of repackaged apps. We also examine the motivations of developers who publish repackaged apps and those of users who download them, as well as the factors that determine which apps are chosen for repackaging, and the ways in which the apps are modified during the repackaging process. We have also studied android applications structure to investigate the locations where malicious code are more probable to be embedded into legitimate applications. We observed that service components contain key characteristics that entice attackers to misuse them. Therefore, we have focus on studying the behavior of malicious and benign services. Whereas benign services tend to inform the user of the background operations, malicious services tend to do long running operations and have a loose connection with rest of the code. These findings lead us to propose an approach to detect malware by studying the services’ behavior. To model the services’ behavior, we used API calls as feature sets. We proposed a hybrid approach using static and dynamic analysis to extract the API calls through the service lifecycle. Finally, we used the list of API calls preponderantly present in both malware as well as benign services as the feature set. We applied machine learning algorithms to use the feature set to classify malicious services and benign services.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science
Item Type:Thesis (PhD)
Authors:Khanmohammadi, Kobra
Institution:Concordia University
Degree Name:Ph. D.
Program:Electrical and Computer Engineering
Date:21 October 2019
Thesis Supervisor(s):Hamou-Lhadj, Abdelwahab and Khoury, Raphaël
ID Code:986500
Deposited On:25 Jun 2020 18:44
Last Modified:25 Jun 2020 18:44


Aafer Y, Du W, Yin H (2013) DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android. In: International conference on security and privacy in communication systems. Springer, Cham, pp. 86–103
AdMob and AdSense policies. https://support.google.com/admob/answer/6128543?hl=en, Accessed 25 Feb 2019a
Alam MS, Vuong ST (2013) Random Forest Classification for Detecting Android Malware. In: 2013 IEEE international conference on green computing and communications and IEEE Internet of Things and IEEE cyber, physical and social computing, pp 663-669
Alazab M, Venkataraman S, Watters P (2010) Towards Understanding Malware Behaviour by the Extraction of API Calls. In: 2010 Second Cybercrime and Trustworthy Computing Workshop, IEEE, pp 52–59
Aldini A, Martinelli F, Saracino A, Sgandurra D (2015) Detection of repackaged mobile applications through a collaborative approach. Concurrency and Computation: Practice and Experience, Vol. 27, No. 11, pp 2818-2838
Android Developer Documentation (2018) https://developer.android.com/reference/dalvik/system/package-summary. Accessed 3 Mar 2018
Arora A, Garg S, Peddoju SK (2014) Malware Detection Using Network Traffic Analysis in Android Based Mobile Devices. In: 2014 Eighth International Conference on Next Generation Mobile Apps, Services and Technologies. IEEE, pp 66–71
Arp D, Spreitzenbarth M, Malte H, Gascon H, Rieck K (2014) DREBIN : Effective and Explainable Detection of Android Malware in Your Pocket. In: NDSS, Vol. 14, pp 23–26
Arzt S (2012) DroidBench, https://github.com/secure-software-engineering/DroidBench, Accesse 26 Jul 2018
Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, Mcdaniel P (2014) FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. ACM Sigplan Notes, Vol. 49, No. 6, pp 259–269
Au K W Y, Zhou YF, Huang Z, Lie D (2012) PScout : Analyzing the Android Permission Specification. In: CCS ’12 Proceedings of the 2012 ACM Conference on Computer and Communications Security. pp 217–228
Ballano M (2011) Pjapps, https://www.symantec.com/connect/blogs/android-threats-getting-steamy, Accesse 26 Jul 2018
Bartel A, Klein J, Monperrus M, Traon Y Le (2012) Dexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot. In: ACM SIGPLAN International Workshop on State of the Art in Java Program analysis. ACM, pp 27–38
Backes M, Bugiel S, Derr E (2016) Reliable Third-Party Library Detection in Android and its Security Applications. In: 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, pp. 356–367
Book T, Pridgen A, Wallach DS (2013) Longitudinal Analysis of Android Ad Library Permissions. IEEE Mobile Security Technology, ArXiv:1303.0857
Breiman L (2001) Random forests. Mach Learn, Vol. 45, No. 1, pp 5–32
Burguera I, Zurutuza U, Nadjm-Tehrani S (2011) Crowdroid: Behavior-Based Malware Detection System for Android. In: 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM ’11. ACM, pp 15–26
Canfora G, Mercaldo F, Visaggio CA (2013) A classifier of Malicious Android Applications. In: Eighth International Conference on Availability, Reliability and Security (ARES). IEEE, pp 607–614
Chawla N V., Bowyer KW, Hall LO, Kegelmeyer WP (2002) SMOTE: Synthetic minority over-sampling technique. Journal of artificial intelligence research, 16, pp 321-357
Chen J, Alalfi MH, Dean TR, Zou Y (2015a) Detecting Android Malware Using Clone Detection. Journal of Computer Science and Technology, Vol. 30, No. 5, pp 942-956
Chen K, Liu P, Zhang Y (2014) Achieving accuracy and scalability simultaneously in detecting application clones on Android markets. In: 36th International Conference on Software Engineering - ICSE 2014. pp 175–186
Chen K, Wang P, Lee Y, Wang X, Zhang N, Huang H, Zou W, Liu P (2015b) Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale. In: 24th USENIX Security Symposium (USENIX Security 15). pp 659–674
Chen X, Li C, Wang D, Wen S, Zhang J, Nepal S, Xiang Y, Ren K (2019) Android HIV: A study of repackaging malware for evading machine-learning detection. IEEE Transactions on Information Forensics and Security, Vol. 15, pp 987-1001
Chien E (2005) Techniques of Adware and Spyware. In: Fifteenth Virus Bulletin Conference (Vol. 47). Dublin Ireland
Crussell J, Gibler C, Chen H (2015) AnDarwin: Scalable Detection of Android Application Clones Based on Semantics. IEEE Transaction on Mobile Computing, Vol. 14, No. 10, pp 2007–2019
Crussell J, Gibler C, Chen H (2012) Attack of the clones: Detecting cloned applications on Android markets. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). pp 37–54
Crussell J, Stevens R, Chen H (2014) MadFraud : Investigating Ad Fraud in Android Applications. In: 12th annual international conference on Mobile systems, applications, and services. ACM, pp 123–134
Desnos A (2015) Androguard: Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !). https://github.com/androguard/androguard. Accessed 19 Jul 2018
dex2jar Tools (2018), https://github.com/pxb1988/dex2jar/wiki, Accessed 3 March 2018
Dominguez K (2011) BgServ, https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/AndroidOS_BGSERV.A, Accessed 3 March 2018
Dong F, Wang H, Li L, Guo Y, Bissyande TF, Liu T, Xu G, Klein J (2018a) FraudDroid : Automated Ad Fraud Detection for Android Apps. In: 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp 257-268
Dong S, Li M, Diao W, Liu X, Liu J, Li Z, Xu F, Chen K, Wang X, Zhang K (2018b) Understanding Android Obfuscation Techniques : A Large-Scale Investigation in the Wild. In: International Conference on Security and Privacy in Communication Systems, Springer, Cham, pp 172-192
Enck W, Cox LP, Gilbert P, Mcdaniel P (2014) TaintDroid : An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transaction on Computer Systems, Vol. 32, No.2, pp 1-29
Erturk E (2012) A Case Study in Open Source Software Security and Privacy : Android Adware. In: 2012 World Congress on Internet Security (WorldCIS). IEEE, pp 189–191
Fan W, Liu Y, Tang B (2015) An API calls monitoring-based method for effectively detecting malicious repackaged applications. International Journal of Security and Its Applications, Vol. 9, No. 8, pp 221-230
Fedler R, Kulicke M, Schütte J (2013) Native code execution control for attack mitigation on android. In: Third ACM workshop on Security and privacy in smartphones and mobile devices. ACM, pp 15-20
Fix E, Joseph L, Hodges J (1951) Discriminatory analysis-nonparametric discrimination: consistency properties. USAF school of Aviation Medicine
Forman I R, Forman N (2004) Java Reflection in Action. Manning Publications
Gao J, Li L, Tegawend PK (2019) Should You Consider Adware as Malware in Your Study ? In: 26th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, pp 604–608
Gascon H, Yamaguchi F, Rieck K, Arp D (2013) Structural Detection of Android Malware using Embedded Call Graphs Categories and Subject Descriptors. In: ACM workshop on Artificial intelligence and Security. ACM, pp 45–54
Gonzalez H, Kadir AA, Stakhanova N, Alzahrani AJ, Ghorbani AA (2014) Exploring Reverse Engineering Symptoms in Android apps. In: The Eighth European Workshop on System Security. ACM, pp 1-7
Google Inc. (2012) Cloud to Device Messaging (Deprecated). https://developers.google.com/android/c2dm/. Accessed 23 Jul 2018
Grace M, Zhou Y, Zhang Q, Zou S, Jiang X (2012) RiskRanker: Scalable and Accurate Zero-day Android Malware Detection. In: 10th International Conference on Mobile Systems, Applications, and Services, pp 281–294
Guan Q, Huang H, Luo W, Zhu S (2016) Semantics-based repackaging detection for mobile apps. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), pp 89–105
Gupta S. (2013) Types of Malware and its Analysis. In: International Journal of Scientific and Engineering Research, Vol. 4, No. 1
Hammad M, Garcia J, Malek S (2018) A Large-Scale Empirical Study on the Effects of Code Obfuscations on Android Apps and Anti-Malware Products. In: 40th International Conference on Software Engineering. ACM, pp 421–431.
Hamou-Lhadj A, Murtaza S. S, Fadel W, Mehrabian A, Couture M, Khoury R (2013) Software Behaviour Correlation in a Redundant and Diverse Environment Using the Concept of Trace Abstraction. In: Proc. of the ACM 2013 Research in Adaptive and Convergent Systems Conference (RACS'13), pp 328–335
Hanna S, Huang L, Wu E, Li S, Chen C, Song D (2013) Juxtapp: A scalable system for detecting code reuse among android applications. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, Berlin, Heidelberg, pp 62-81
He Z, Ye G, Yuan L, Tang Z, Wang X, Ren J, Wang W, Yang J, Fang D, Wang Z (2019) Exploiting Binary-level Code Virtualization to Protect Android Applications Against App Repackaging. IEEE Access (Vo. 7), pp 115062-115074
Hu W, Tao J, Ma X, Zhou W, Zhao S, Han T (2014) MIGDroid: Detecting APP-Repackaging Android malware via method invocation graph. In: International Conference on Computer Communications and Networks, ICCCN. pp 1–7
Huang A (2008) Similarity Measures for Text Document Clustering. In: 6th new zealand computer science research student conference. pp 49–56.
Huang H, Zhu S, Liu P, Wu D (2013) A Framework for Evaluating Mobile App Repackaging Detection Algorithms. In: International Conference on Trust and Trustworthy Computing. Springer, Berlin, Heidelberg, pp 169–186
Hurier M, Suarez-Tangil G, Dash SK, Bissyande TF, Le Traon Y, Klein J, Cavallaro L (2017) Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware. In: IEEE International Working Conference on Mining Software Repositories. pp 425–435
Islam R, Altas I (2012) A Comparative Study of Malware Family Classification. In International Conference on Information and Communications Security, Springer, Berlin, Heidelberg, pp 488-496
Jiang X (2011a) DroidKungFu, https://www.csc2.ncsu.edu/faculty/xjiang4/DroidKungFu.html, Accesse 26 Jul 2018
Jiang X (2011b) GingerMaster, https://www.csc2.ncsu.edu/faculty/xjiang4/GingerMaster/, Accesse 26 Jul 2018
Jiang X (2011c) HippoSMS, https://www.csc2.ncsu.edu/faculty/xjiang4/HippoSMS/, Accessed 26 Jul 2018
Jiang X (2011d) Plankton, https://www.csc2.ncsu.edu/faculty/xjiang4/Plankton/, Accessed 26 Jul 2018
Jiang X (2011e) SndApps, https://www.csc2.ncsu.edu/faculty/xjiang4/SndApps/, Accessed 26 Jul 2018
Jiao S, Cheng Y, Ying L, Su P, Feng D (2015) A Rapid and Scalable Method for Android Application Repackaging Detection. In: Lecture Notes in Computer Science. pp 349–364
Khanmohammadi K, Hamou-Lhadj A (2017) HyDroid: A Hybrid Approach for Generating API Call Traces from Obfuscated Android Applications for Mobile Security. In: IEEE International Conference on Software Quality, Reliability and Security (QRS), Prague, Czech Republic, pp 168-175
Khanmohammadi K, Ebrahimi N, Hamou-Lhadj A, Khoury R (2019a) Empirical Study of Android Repackaged Applications. Empirical Software Engineering, Vol. 24, No. 6, pp 3587-3629
Khanmohammadi K, Hamou-Lhadj A, Razgallah A, Khoury R (2019b) On the Use of API Calls to Detect Repackaged Malware Apps: Challenges and Ideas. In: the 30th International Symposium on Software Reliability Engineering (ISSRE 2019).
Khanmohammadi K, Rejali M, Hamou-Lhadj A (2015) Understanding the Service Life Cycle of Android Apps: An Exploratory Study. In: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Denver, US, pp 81-86
Khoury R, Hamou-Lhadj A and Couture M (2012) Towards a Formal Framework for Evaluating the Effectiveness of Diversity when Applied to Security. In: Proc. of the IEEE Symposium on Computational Intelligence for Security and Defence Applications (CISDA'12), IEEE Computational Intelligence Society, pp 1-7
Kohavi R (1995) A Study of Cross-Validation and Bootstrap for Accuracy Estimation and Model Selection. Ijcai, Vol. 14, No. 2, pp 1137–1145
Kornblum J (2006) Identifying almost identical files using context triggered piecewise hashing. In: Digital Investigation. pp 91–97
Khreich W, Khosravifar B, Hamou-Lhadj A, Talhi C (2017) An anomaly detection system based on variable N-gram features and one-class SVM. In: Elsevier Journal of Information & Software Technology (IST), 91: 186-197
Kumar M (2017) Beware! New Android Malware Infected 2 Million Google Play Store Users. https://thehackernews.com/2017/04/android-malware-playstore.html. Accessed 19 Jul 2018
Kywe SM, Li Y, Deng RH, Hong J (2014) Detecting camouflaged applications on mobile application markets. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). pp 241–254
Lee YK, Lim JD, Jeon YS, Kim JN (2014) Protection method from APP repackaging attack on mobile device with separated domain. In: International Conference on ICT Convergence. pp 667–668
Leka O (2016) Database of Android Apps | Kaggle. https://www.kaggle.com/orgesleka/android-apps/data. Accessed 19 Jul 2018.
Li L, Bissyandé TF, Klein J (2018) MoonlightBox: Mining Android API Histories for Uncovering Release-time Inconsistencies. In: 29th IEEE International Symposium on Software Reliability Engineering (ISSRE 2018), IEEE, pp 212-223
Li L, Bissyandé TF, Octeau D, Klein J (2016) DroidRA : Taming Reflection to Support Whole-Program Analysis of Android Apps. In: Proceedings of the 25th International Symposium on Software Testing and Analysis. ACM, pp 318–329
Li L, Gao J, Hurier M, Kong P, Bissyandé TF, Bartel A, Klein J, Traon Y Le (2017a) AndroZoo++: Collecting Millions of Android Apps and Their Metadata for the Research Community. doi: 10.1145/2901739.2903508
Li L, Li D, Bissyande TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017b) Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting. In: IEEE Transactions on Information Forensics and Security. IEEE, pp 359–361
Li L, Tegawendé Bissyandé, Jacques Klein(2019) Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark, IEEE Transactions on Software Engineering
Li Y, Sundaramurthy SC, Bardas AG, et al. (2015) Experimental Study of Fuzzy Hashing in Malware Clustering Analysis. In: 8th Workshop on Cyber Security Experimentation and Test (CSET 15).
Lin YD, Lai YC, Chen CH, Tsai HC (2013) Identifying android malicious repackaged applications by thread-grained system call sequences. Computers and Security, Vol. 39, pp 340-350
Linares-Vásquez M, Holtzhauer A, Bernal-Cárdenas C, Poshyvanyk D (2014) Revisiting Android reuse studies in the context of code obfuscation and library usages. In: 11th Working Conference on Mining Software Repositories - MSR 2014. pp 242–251
Liu B, California S, Nath S, Nsdi I (2014) DECAF : Detecting and Characterizing Ad Fraud in Mobile Apps. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). pp 57–70
Luo L, Fu Y, Wu D, Zhu S, Liu P (2016) Repackage-proofing Android Apps. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, pp 550–561
Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G (2017) MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. In: 24th Network and Distributed System Security Symposium, arXiv preprint arXiv:1612.04433
Ma Z, Wang H, Guo Y, Chen X (2016) LibRadar : Fast and Accurate Detection of Third-party Libraries in Android Apps. In: the 38th international conference on software engineering companion. ACM, pp. 653–656
Maly F, Kriz P (2015) An Ad Hoc mobile cloud and its dynamic loading of modules into a mobile device running Google android. In: New Trends in Intelligent Information and Database Systems. Springer, Cham, pp 191–198
McAfee (2018) McAfee Threats Reports. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-dec-2018.pdf. Accessed 19 June 2019
Microsoft Advertising. https://advertising.microsoft.com/home. Accessed 25 Feb 2019b
Mojica IJ, Adams B, Nagappan M, Dienst S, Berger T, Hassan AE (2014) A Large Scale Empirical Study on Software Reuse in Mobile Apps. Software, IEEE Vol. 31, No. 2, pp 78–86
Mojica IJ, Nagappan M, Adams B, Hassan AE (2012) Understanding Reuse in the Android Market. In: 2012 IEEE 20th International Conference on Program Comprehension (ICPC), pp 113–122
Mulliner C, Robertson W, Kirda E (2014) VirtualSwindle : An Automated Attack Against In-App Billing on Android. In: 9th ACM symposium on Information, computer and communications security. ACM, pp 459–470
Nguyen T, Mcdonald J, Glisson W, Andel T (2020) Detecting Repackaged Android Applications Using Perceptual Hashing. In: 53rd Hawaii International Conference on System Sciences. In: Software Development for Mobile Devices, the Internet-of-Things, and Cyber-Physical Systems
Octeau D, Mcdaniel P, Bodden E (2013) Effective Inter-Component Communication Mapping in Android with Epicc : An Essential Step Towards Holistic Security Analysis. In: 22nd USENIX Security Symposium (USENIX Security 13). pp 543–558
OWASP (2016) Mobile Top 10 2016-Top 10 - OWASP. https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10. Accessed 19 Jul 2018
Pan X, Wang X, Duan Y, Wang X, Yin H (2017) Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps. In: 2017 Network Distribution System Security Symposium. doi: 10.14722/ndss.2017.23265
Petsas T, Voyatzis G, Athanasopoulos E, Polychronakis M, Ioannidis S (2014) Rage Against the Virtual Machine : Hindering Dynamic Analysis of Android Malware. In: the Seventh European Workshop on System Security. ACM, pp 1-6
Pirzadeh H, Shanian S, Hamou-Lhadj A, Alawneh A, Sharifee A (2013) Stratified Sampling of Execution Traces: Execution Phases Serving as Strata. In: Elsevier Journal of Science of Computer Programming, Special Issue on Software Evolution, Adaptability and Maintenance, 78(8), pp 1099–1118
Pirzadeh H, Agarwal A, Hamou-Lhadj A (2010) An Approach for Detecting Execution Phases of a System for the Purpose of Program Comprehension. In: the 8th International Conference on Software Engineering Research, Management & Applications (SERA 2010), pp 207 - 214
Poeplau S, Fratantonio Y, Bianchi A, Kruegel C, Vigna G (2014) Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In: NDSS, Vol. 14, pp 23–49
Potharaju R, Newell A, Nita-rotaru C, Zhang X (2012) Plagiarizing Smartphone Applications : Attack Strategies and Defense Techniques. In: International Symposium on Engineering Secure Software and Systems. Springer, Berlin, Heidelberg, pp 106–120.
Quinlan J. R (1986) Induction of Decision Trees. Machine Learning, Vol. 1, No. 1, pp. 81–106,
Ren C, Chen K, Liu P (2014) Droidmarking: Resilient SoftwareWatermarking for Impeding Android Application Repackaging. In Proc. of the 29th ACM/IEEE International Conference on Automated Software Engineering, pp 635–646
Rasthofer S, Arzt S, Miltenberger M, Bodden E (2015) Harvesting Runtime Data in Android Applications for Identifying Malware and Enhancing Code Analysis. Techincal Report, Technische Universität Darmstadt.
Rastogi V, Chen Y, Jiang X (2013) DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks. In: 8th ACM SIGSAC symposium on Information, computer and communications security, pp 329–334
Rastogi V, Shao R, Chen Y, et al (2016) Are these Ads Safe : Detecting Hidden Attacks through the Mobile App-Web Interfaces. In: The Network and Distributed System Security Symposium (NDSS)
Reina A, Fattori a, Cavallaro L (2013) A system call-centric analysis and stimulation technique to automatically reconstruct android malware behaviors. ACM European Workshop System Security (EuroSec), pp 1–6
Sahs J, Khan L (2012) A Machine Learning Approach to Android Malware Detection. In: European Intelligence and Security Informatics Conference. pp 141–147
Salem A, Banescu S, Pretschner A (2019) Don't Pick the Cherry: An Evaluation Methodology for Android Malware Detection Methods. arXiv preprint arXiv:1903.10560.
Sanz B, Santos I, Laorden C, Ugarte-Pedrero X, Bringas PG (2012) On the automatic categorisation of android applications. In: IEEE Consumer Communications and Networking Conference, CCNC 2012. pp 149–153
Saracino A, Sgandurra D, Dini G, Martinelli F (2016) MADAM : Effective and Efficient Behavior-based Android Malware Detection and Prevention. IEEE Transaction Dependable Secure Computing, Vol. 15, No. 1, pp 83–97
Schölkopf B, Smola AJ (2002) Support Vector Machines and Kernel Algorithms. Handb Brain Theory Neural Networks, pp 1119–1125
Symantec Report , (2010) Tapsnake, https://www.symantec.com/security_response/writeup.jsp?docid=2010-081214-2657-99&tabid=2, Accesse 26 Jul 2018
Symantec Report , (2011a) GoldDream, https://www.symantec.com/security_response/writeup.jsp?docid=2011-070608-4139-99, Accesse 26 Jul 2018
Symantec Report , (2011b) NikySpy, https://www.symantec.com/security_response/writeup.jsp?docid=2011-072714-3613-99&tabid=2, Accessed 26 Jul 2018

Shahriar H, Clincy V (2014) Detection of repackaged Android Malware. In: 9th International Conference for Internet Technology and Secured Transactions.pp 349–354
Shannon C, Weaver W (1948) THE MATHEMATICAL THEORY OF COMMUNICATION. Bell System Technology journal, Vol. 27, No. 3, pp 379–423
Shao Y, Luo X, Qian C, Zhu P, Zhang L (2014) Towards a scalable resource-driven approach for detecting repackaged Android applications. In: 30th Annual Computer Security Applications Conference (ACSAC ’14), pp 56–65
Sharif M, Lanzi A, Giffin J, Lee W (2008) Impeding Malware Analysis Using Conditional Code Obfuscation. In: Network and Distributed System Security Symposium (NDSS 2008)
Singhal A (2001) Modern Information Retrieval: A Brief Overview. IEEE Data Engineering Bull., Vol. 24, No. 4, pp 35-43
Soh C, Tan HBK, Arnatovich YL, Wang L (2015) Detecting Clones in Android Applications through Analyzing User Interfaces. In: 23rd IEEE International Conference on Program Comprehension. IEEE, pp 163–173
Sounthiraraj D, Sahs J, Garret G, Lin Z, Khan L (2014) SMV-HUNTER : Large Scale , Automated Detection of SSL / TLS Man-in-the-Middle Vulnerabilities in Android Apps. In: 21st Annual Network and Distributed System Security Symposium (NDSS’14)
Statista (2018) Rating of apps on Google Play as of May 2018. https://www.statista.com/statistics/266217/customer-ratings-of-android-applications. Accessed 26 Jul 2018
Suarez-Tangil G, Tapiador JE, Peris-Lopez P, Blasco J (2014) Dendroid: A text mining approach to analyzing and classifying code structures in Android malware families. Expert Systems with Applications, Vol. 41, No. 4, pp.1104–1117, doi: 10.1016/j.eswa.2013.07.106
Sun M, Li M, Lui JCS (2015) DroidEagle: seamless detection of visually similar Android apps. In: 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM, pp 1-12
Sun M, Li X, Lui JCS, Ma RTB, Liang Z (2017) Monet: A User-oriented Behavior-based Malware Variants Detection System for Android. IEEE Transaction on Information Forensics and Security, Vol. 12, No. 5, pp 103–1112.
Sun X, Zhongyang Y, Xin Z, Mao B, Xie L (2014) Detecting Code Reuse in Android Applications Using Component-Based Control Flow Graph. In: International Information Security and Privacy Conference. pp 142–155
Statiscas (2019) Statistics and Market Data on Mobile Internet & Apps, http://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/. Accessed 4 July 2019
Symantec Report (2014) Android.Appenda. https://www.symantec.com/security-center/writeup/2012-062812-0516-99. Accessed 4 Mar 2019
Takabi H, Joshi JBD, Ahn GJ (2010) SecureCloud: Towards a comprehensive security framework for cloud computing environments. Proc - Int Comput Softw Appl Conf :393–398 . doi: 10.1109/COMPSACW.2010.74
Tam K, Khan SJ, Fattori A, Cavallaro L (2015) CopperDroid: Automatic Reconstruction of Android Malware Behaviors. In: 2015 Network and Distributed System Security Symposium
Tanner S, Vogels I, Wattenhofer R (2019) Protecting Android Apps from Repackaging Using Native Code. In: 12th International Symposium on Foundations & Practice of Security (FPS 2019).
Tian K, Yao D, Ryder BG, Tan G (2016) Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. In: IEEE Symposium on Security and Privacy Workshops, SPW 2016. pp 262–271
Viennot N, Garcia E, Nieh J (2014) A measurement study of google play. In: 2014 ACM international conference on Measurement and modeling of computer systems, pp. 221-233, doi: 10.1145/2591971.2592003
VirusTotal (2018) Free Online Virus Malware and URL Scanner. In: Google Inc. https://www.virustotal.com/#/home/upload. Accessed 19 Jul 2018
Wang H, Guo Y, Ma Z, Chen X (2015) WuKong: a scalable and accurate two-phase approach to Android app clone detection. In: International Symposium on Software Testing and Analysis (ISSTA 2015), pp. 71–82
Winter C, Schneider M, Yannikos Y (2013) F2S2: Fast forensic similarity search through indexing piecewise hash signatures. Digital Investig, Vol. 10, No. 4, pp. 361–371, doi: 10.1016/j.diin.2013.08.003
Wiśniewski R (2012) Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. https://ibotpeaches.github.io/Apktool/. Accessed 19 Jul 2018
Wong MY, Lie D (2016) IntelliDroid : A Targeted Input Generator for the Dynamic Analysis of Android Malware. In: NDSS, Vol. 16, pp. 21-24
Wu DJ, Mao CH, Wei TE, Lee HM, Wu KP (2012) DroidMat: Android malware detection through manifest and API calls tracing. In: 2012 7th Asia Joint Conference on Information Security, AsiaJCIS 2012. pp 62–69
Wu X, Zhang D, Su X, Li W (2015) Detect repackaged Android application based on HTTP traffic similarity. Security and Communication Networks, Vol. 8, No. 13, pp. 2257–2266, doi: 10.1002/sec.1170
Xia M (2015) BeanBot, https://github.com/mingyuan-xia/AppAudit/wiki/BeanBot-analysis-report, Accesse 26 Jul 2018
Xia M, Gong L, Lyu Y, Qi Z, Liu X (2015) Effective Real-time Android Application Auditing. In: 2015 IEEE Symposium on Security and Privacy. IEEE, pp 899–914
Xue Y, Meng G, Liu Y, Tan TH, Chen H, Sun J, Zhang J (2017) Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique. IEEE Trans Inf Forensics Secur 12(7):1529–1544 . doi: 10.1109/TIFS.2017.2661723
Xu K, Li Y, Deng RH (2016) ICCDetector: ICC-Based Malware Detection on Android. IEEE Transaction on Information Forensics and Security, Vol. 11, No. 6, pp. 1252–1264, doi: 10.1109/TIFS.2016.2523912
Yang C, Xu Z, Gu G, Yegneswaran V, Porras P (2014) DroidMiner : Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android. In: European Symposium on Research in Computer Security. pp. 163–182
Yang Z, Yang M, Wang XS (2013) AppIntent : Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. In: 2013 ACM SIGSAC conference on Computer and communications security. ACM, pp. 1043–1054
Yerima SY, Sezer S, McWilliams G, Muttik I (2013) A New Android Malware Detection Approach Using Bayesian Classification. In: 27th International Conference on Advanced Information Networking and Applications (AINA). IEEE, pp. 121–128
Yoshikawa T (2012) GPSSMSpy, http://blog.trendmicro.com/trendlabs-security-intelligence/beta-version-of-spytool-app-for-android-steals-sms-messages/, Accessed 26 Jul 2018
Yue S, Feng W, Jiang Y, Tao X, Xu C, Lu J (2017) RepDroid: an automated tool for Android application repackaging detection. In: IEEE/ACM 25th International Conference on Program Comprehension (ICPC 2017). IEEE, pp. 132–142
Zeng Q, Luo L, Qian Z, Du X, Li Z (2018) Resilient Decentralized Android Application Repackaging Detection Using Logic Bombs. In: 2018 International Symposium on Code Generation and Optimization, ACM, pp 50–61
Zeng Q, Luo L, Qian Z, Du X, Li Z, Huang C T, Farkas C (2019) Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic Bombs. IEEE Transactions on Dependable and Secure Computing.
Zhang F, Huang H, Zhu S, Wu D, Liu P (2014) ViewDroid: Towards obfuscation-resilient mobile application repackaging detection. WiSec 2014 - Proc 7th ACM Conf Secur Priv Wirel Mob Networks :25–36 . doi: 10.1145/2627393.2627395
Zhang L, Niu Y, Wu X, Wang Z, Xue Y, Science C, College T (2013) A3 : Automatic Analysis of Android Malware. In: 1st International Workshop on Cloud Computing and Information Security, Atlantis Press, pp. 89–93
Zhauniarovich Y, Gadyatskaya O, Crispo B, La Spina F, Moser E (2014) FSquaDRA: Fast detection of repackaged applications. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). pp. 130–145
Zhao Y, Qian Q (2018) Android Malware Identification Through Visual Exploration of Disassembly Files. Journal Network Security, Vol. 20, No. 6, pp. 1005–1015, doi: 10.6633/IJNS.201811
Zheng C, Zhu S, Dai S, Gu G, Gong X (2012) SmartDroid : an Automatic System for Revealing UI-based. In: the second ACM workshop on Security and privacy in smartphones and mobile devices, ACM, pp 93–104
Zhou W, Wang Z, Zhou Y, Jiang X (2014) DIVILAR: Diversifying Intermediate Language for Anti-repackaging on Android Platform. In: 4th ACM conference on Data and Application Security and Privac (CODASPY ’14). pp 199–210
Zhou W, Zhang X, Jiang X (2013a) AppInk : Watermarking Android Apps for Repackaging Deterrence. In: 8th ACM SIGSAC symposium on Information, Computer and Communications Security. pp 1–12
Zhou W, Zhou Y, Grace M, Jiang X, Zou S (2013b) Fast , Scalable Detection of “ Piggybacked ” Mobile Applications. In: the third ACM conference on Data and application security and privacy, ACM, pp 185–196
Zhou W, Zhou Y, Jiang X, Ning P (2012a) Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In: the second ACM conference on Data and Application Security and Privacy, ACM, pp 317–326
Zhou Y, Jiang X (2012a) Android Malware Genome Project. http://www.malgenomeproject.org/ Accessed 10 Jul 2015
Zhou Y, Jiang X (2012b) Dissecting Android Malware: Characterization and Evolution. In: 2012 IEEE Symposium on Security and Privacy. IEEE, pp 95–109
Zhou Y, Jiang X (2013) Detecting Passive Content Leaks and Pollution in Android Applications. In: 20th Network and Distributed System Security Symposium (NDSS).
Zhou Y, Wang Z, Zhou W, Jiang X (2012b) Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. 19th Annual Network Distribution Systems Security Symposium (NDSS 2012), Vol. 25, No. 4, pp 50–52
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top