AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph

Wu, Tianjun; Yang, Yuexiang

doi:10.1007/978-3-319-49145-5_9

Tianjun Wu¹⁷ &
Yuexiang Yang¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10067))

Included in the following conference series:

International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage

923 Accesses

Abstract

Dynamic analyzing techniques play an important and unique role in detecting Android malware and vulnerabilities, as they can provide higher precision than static methods. However, they are inherently incomplete and inefficiency. We attack this problem by proposing a novel method, i.e., concolic walking along the event-dependency graph. We implement AppWalker based on it. Evaluation over a real-life app set shows that better efficiency and accuracy than state-of-the-art concolic analysis tools are achieved.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Acteve, benchmark, and corresponding coverage measurement tools are all taken from the AndroidTest [13] project.

References

Arzt, S., Rasthofer, S., Fritz, C.: FlowDroid. ACM Sigplan Not. 49(6), 259–269 (2014)
Article Google Scholar
Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). IEEE Symp. Secur. Priv. 7, 317–331 (2010)
Google Scholar
Anand, S., Naik, M., Harrold, M.J.: Automated concolic testing of smartphone apps. In: International Symposium on the Foundations of Software Engineering, pp. 1–11 (2012)
Google Scholar
Yang, Z., Yang, M., Zhang, Y.: AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In: ACM Sigsac Conference on Computer & Communications Security, pp. 1043–1054 (2013)
Google Scholar
Dinges, P., Agha, G.: Solving complex path conditions through heuristic search on induced polytopes. In: ACM Sigsoft International Symposium, pp. 425–436 (2014)
Google Scholar
Schutte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE Conference on Advanced Information Networking and Applications, pp. 571–578 (2015)
Google Scholar
Wong, M.Y.Y.: Targeted dynamic analysis for android malware. Dissertations & Theses Gradworks (2015)
Google Scholar
He, J., Yang, Y.X., Qiao, Y.: Accurate classification of P2P traffic by clustering flows. China Commun. 10(11), 42–51 (2013)
Article Google Scholar
Zhang, Z.N., Li, D.S., Wu, K.: VMThunder: fast provisioning of large-scale virtual machine clusters. IEEE Trans. Parallel Distrib. Syst. 25(12), 3328–3338 (2014)
Article Google Scholar
Zhang, Z.N., Li, D.S., Wu, K.: Large-scale virtual machines provisioning in clouds: challenges and approaches. Front. Comput. Sci. 10(1), 2–18 (2016)
Article Google Scholar
Svajcer, V.: Sophos mobile security threat report. http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.pdf
Ali: mobile vulnerability annual report (2015). http://jaq.alibaba.com/community/index
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Conference on Operating Systems Design and Implementation, pp. 1–6 (2010)
Google Scholar
Shauvik, R.C., Alessandra, G., Alessandro, O.: Automated test input generation for android: are we there yet? In: International Conference on Automated Software Engineering, pp. 44–52 (2015)
Google Scholar

Download references

Acknowledgments

The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped to improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Grants Nos. 61170286, 61202486.

Author information

Authors and Affiliations

College of Computer, National University of Defense Technology, Changsha, 410073, China
Tianjun Wu & Yuexiang Yang

Authors

Tianjun Wu
View author publications
You can also search for this author in PubMed Google Scholar
Yuexiang Yang
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tianjun Wu .

Editor information

Editors and Affiliations

Guangzhou University, Guangzhou, China
Guojun Wang
Colorado State University, Fort Collins, Colorado, USA
Indrakshi Ray
University of the West of Scotland, Paisley, Glasgow, United Kingdom
Jose M. Alcaraz Calero
Indian Institute of Information Technology and Management Kerala (IIITM-K), Trivandrum, Kerala, India
Sabu M. Thampi

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wu, T., Yang, Y. (2016). AppWalker: Efficient and Accurate Dynamic Analysis of Apps via Concolic Walking Along the Event-Dependency Graph. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy and Anonymity in Computation, Communication and Storage. SpaCCS 2016. Lecture Notes in Computer Science(), vol 10067. Springer, Cham. https://doi.org/10.1007/978-3-319-49145-5_9

Download citation

DOI: https://doi.org/10.1007/978-3-319-49145-5_9
Published: 10 November 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49144-8
Online ISBN: 978-3-319-49145-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics