On the (in)effectiveness of static logic bomb detector for android apps
University of Luxembourg, Luxembourg.
Umeå University, Faculty of Science and Technology, Department of Computing Science. University of Luxembourg, Luxembourg; University of Copenhagen, Copenhagen, Denmark. ORCID iD: 0000-0003-1383-0372
2022 (English) In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 19, no 6, p. 3822-3836. Article in journal (Refereed) Published
Abstract [en]

Android is present in more than 85% of mobile devices, making it a prime target for malware. Malicious code is becoming increasingly sophisticated and relies on logic bombs to hide itself from dynamic analysis. In this article, we perform a large-scale study of TSOpen, our open-source implementation of the state-of-the-art static logic bomb scanner TriggerScope, on more than 500k Android applications. Results indicate that the approach scales. Moreover, we investigate the discrepancies and show that the approach can reach a very low false-positive rate, 0.3%, but at a particular cost, e.g., removing 90% of sensitive methods. Therefore, it might not be realistic to rely on such an approach to automatically detect all logic bombs in large datasets. However, it could be used to speed up the location of malicious code, for instance, while reverse engineering applications. We also present TrigDB, a database of 68 Android applications containing trigger-based behavior, as a ground truth for the research community.

Place, publisher, year, edition, pages
IEEE, 2022. Vol. 19, no 6, p. 3822-3836
Keywords [en]
Logic bombs, trigger analysis, static analysis, android applications security
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:umu:diva-189817
DOI: 10.1109/tdsc.2021.3108057
ISI: 000881987900017
Scopus ID: 2-s2.0-85113897255
OAI: oai:DiVA.org:umu-189817
DiVA, id: diva2:1613395
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2021-11-22 Created: 2021-11-22 Last updated: 2024-07-02 Bibliographically approved

Open Access in DiVA

fulltext (946 kB), 223 downloads
File information
File name: FULLTEXT02.pdf
File size: 946 kB
Checksum SHA-512: a245c85e82f74702140b860daa00267731d38a4ff7f61a89f8f25f3534ce3c4d145b5a0f0e104497865d2f8ac530403819c93e02ced520b1943d6c1ea616fe9a
Type: fulltext
Mimetype: application/pdf

Authority records

Bartel, Alexandre
