VisualDroid: Automatic triage and detection of Android repackaged applications
Casolare R.;De Dominicis C.;Mercaldo F.;Santone A.
2020-01-01
Abstract
Considering the pervasiveness of mobile devices, malware writers are constantly focusing their attention on developing malicious payloads aimed at gathering sensitive information from mobile devices without user consent. As a matter of fact, it is really easy for malware writers to embed malicious payloads into legitimate applications, by applying the so-called repackaging paradigm, to generate a sample with a signature unknown to anti-malware software. In this paper we propose a twofold approach for the triage and the detection of repackaged Android applications. We propose a visualization schema to assist the malware analyst in the triage of unseen applications and a set of metrics for the automatic detection of repackaged applications. Experimental results show the effectiveness of the proposed approach.