Abstract
Dynamic analyzing techniques play an important and unique role in detecting Android malware and vulnerabilities, as they can provide higher precision than static methods. However, they are inherently incomplete and inefficiency. We attack this problem by proposing a novel method, i.e., concolic walking along the event-dependency graph. We implement AppWalker based on it. Evaluation over a real-life app set shows that better efficiency and accuracy than state-of-the-art concolic analysis tools are achieved.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Acteve, benchmark, and corresponding coverage measurement tools are all taken from the AndroidTest [13] project.
References
Arzt, S., Rasthofer, S., Fritz, C.: FlowDroid. ACM Sigplan Not. 49(6), 259–269 (2014)
Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). IEEE Symp. Secur. Priv. 7, 317–331 (2010)
Anand, S., Naik, M., Harrold, M.J.: Automated concolic testing of smartphone apps. In: International Symposium on the Foundations of Software Engineering, pp. 1–11 (2012)
Yang, Z., Yang, M., Zhang, Y.: AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In: ACM Sigsac Conference on Computer & Communications Security, pp. 1043–1054 (2013)
Dinges, P., Agha, G.: Solving complex path conditions through heuristic search on induced polytopes. In: ACM Sigsoft International Symposium, pp. 425–436 (2014)
Schutte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE Conference on Advanced Information Networking and Applications, pp. 571–578 (2015)
Wong, M.Y.Y.: Targeted dynamic analysis for android malware. Dissertations & Theses Gradworks (2015)
He, J., Yang, Y.X., Qiao, Y.: Accurate classification of P2P traffic by clustering flows. China Commun. 10(11), 42–51 (2013)
Zhang, Z.N., Li, D.S., Wu, K.: VMThunder: fast provisioning of large-scale virtual machine clusters. IEEE Trans. Parallel Distrib. Syst. 25(12), 3328–3338 (2014)
Zhang, Z.N., Li, D.S., Wu, K.: Large-scale virtual machines provisioning in clouds: challenges and approaches. Front. Comput. Sci. 10(1), 2–18 (2016)
Svajcer, V.: Sophos mobile security threat report. http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.pdf
Ali: mobile vulnerability annual report (2015). http://jaq.alibaba.com/community/index
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Conference on Operating Systems Design and Implementation, pp. 1–6 (2010)
Shauvik, R.C., Alessandra, G., Alessandro, O.: Automated test input generation for android: are we there yet? In: International Conference on Automated Software Engineering, pp. 44–52 (2015)
Acknowledgments
The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped to improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Grants Nos. 61170286, 61202486.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Wu, T., Yang, Y. (2016). AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy and Anonymity in Computation, Communication and Storage. SpaCCS 2016. Lecture Notes in Computer Science(), vol 10067. Springer, Cham. https://doi.org/10.1007/978-3-319-49145-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-49145-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49144-8
Online ISBN: 978-3-319-49145-5
eBook Packages: Computer ScienceComputer Science (R0)