Abstract
As shown in previous work, malware authors often reuse portions of code in the development of their samples. Especially in the mobile scenario, there exists a phenomena, called piggybacking, that describes the act of embedding malicious code inside benign apps. In this paper, we leverage such observations to analyze mobile malware by looking at its similarities. In practice, we propose a novel approach that identifies and extracts code similarities in mobile apps. Our approach is based on static analysis and works by computing the Control Flow Graph of each method and encoding it in a feature vector used to measure similarities. We implemented our approach in a tool, GroupDroid, able to group mobile apps together according to their code similarities. Armed with Group-Droid, we then analyzed modern mobile malware samples. Our experiments show that GroupDroid is able to correctly and accurately distinguish different malware variants, and to provide useful nd detailed information about the similar portions of maliciouscode.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 7th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2017 |
| Publisher | Association for Computing Machinery (ACM) |
| ISBN (Electronic) | 9781450353878 |
| DOIs | |
| Publication status | Published - 5 Dec 2017 |
| Externally published | Yes |
| Event | 7th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2017 - Hilton Orlando Lake Buena Vista, Orlando, United States Duration: 4 Dec 2017 → 5 Dec 2017 Conference number: 7 http://www.pprew.org/2017-7/program.htm |
Publication series
| Name | ACM International Conference Proceeding Series |
|---|
Conference
| Conference | 7th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2017 |
|---|---|
| Abbreviated title | SSPREW 2017 |
| Country | United States |
| City | Orlando |
| Period | 4/12/17 → 5/12/17 |
| Internet address |
Keywords
- Malware
- Mobile
- Similarity