TraceDroid: Detecting Android Malware by Trace of Privacy Leakage

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13471))

  • 1724 Accesses

Abstract

Along with the popularity of the Android operating system, \(98\%\) of mobile malware targets Android devices [1], which has become one of the primary sources of privacy leakage. Detecting malicious network transmissions in these apps is challenging because the malware hides its behavior and masquerades as benign software to evade detection. In this work, we propose TraceDroid, a framework that automatically traces abnormally sensitive network transmissions to detect malware. By leveraging static and dynamic analysis, the sensitive information is first inferred from the call graph, and the sensitive transmissions are then detected by analyzing the network traffic per transfer and the sensitive information with a machine learning classifier. We validate TraceDroid on 1444 malware and 700 benign applications. Our experiments show that TraceDroid can detect 3433 sensitive connections across 2144 apps with an accuracy of \(94\%\).

This work is supported by the National Key Research and Development Program of China (No. 2021YFB3100400) and the Shandong Science Fund for Excellent Young Scholars (No. 2022HWYQ-038).

Notes

  1. https://virusshare.com/.

  2. https://github.com/secure-software-engineering/DroidBench.

  3. https://www.virustotal.com/.

References

  1. Cyber security statistics the ultimate list of stats, data & trends. purplesec.us/resources/cyber-security-statistics/

  2. Arzt, S., et al.: Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI (2014)

  3. Cai, Z., He, Z.: Trading private range counting over big iot data. In: 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019, Dallas, TX, USA, July 7–10, 2019. pp. 144–153. IEEE (2019). https://doi.org/10.1109/ICDCS.2019.00023

  4. Cai, Z., He, Z., Guan, X., Li, Y.: Collective data-sanitization for preventing sensitive information inference attacks in social networks. IEEE Trans. Dependable Secur. Comput. 15(4), 577–590 (2018). https://doi.org/10.1109/TDSC.2016.2613521

  5. Cai, Z., Zheng, X.: A private and efficient mechanism for data uploading in smart cyber-physical systems. IEEE Trans. Netw. Sci. Eng. 7(2), 766–775 (2020). https://doi.org/10.1109/TNSE.2018.2830307

  6. Cai, Z., Zheng, X., Wang, J., He, Z.: Private data trading towards range counting queries in internet of things. IEEE Trans. Mob. Comput. (2022)

  7. Chen, X., et al.: Android HIV: a study of repackaging malware for evading machine-learning detection. IEEE Trans. Inf. Forensics Security 15, 987–1001 (2019)

  8. Chen, X., Zhu, S.: Droidjust: automated functionality-aware privacy leakage analysis for android applications. In: WiSec (2015)

  9. Enck, W., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: OSDI (2010)

  10. Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., Rinard, M.C.: Information flow analysis of android applications in droidsafe. In: NDSS (2015)

  11. Grace, M.C., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day android malware detection. In: Davies, N., Seshan, S., Zhong, L. (eds.) The 10th International Conference on Mobile Systems, Applications, and Services, MobiSys’12, Ambleside, United Kingdom - June 25–29, 2012. pp. 281–294. ACM (2012). https://doi.org/10.1145/2307636.2307663

  12. Kohavi, R., et al.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: Ijcai (1995)

  13. Lee, J., Lee, S., Lee, H.: Screening smartphone applications using malware family signatures. Comput. Secur. 52, 234–249 (2015). https://doi.org/10.1016/j.cose.2015.02.003

  14. Lu, K., et al.: Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting. In: NDSS (2015)

  15. Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists: Learning to detect malicious web sites from suspicious urls. In: KDD (2009)

  16. Mariconti, E., Onwuzurike, L., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: Mamadroid: Detecting android malware by building markov chains of behavioral models (2017)

  17. Meng, Z., Xiong, Y., Huang, W., Qin, L., Jin, X., Yan, H.: Appscalpel: combining static analysis and outlier detection to identify and prune undesirable usage of sensitive data in android applications. Neurocomputing 341, 10–25 (2019). https://doi.org/10.1016/j.neucom.2019.01.105

  18. Pandita, R., Xiao, X., Yang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: King, S.T. (ed.) Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14–16, 2013. pp. 527–542. USENIX Association (2013). www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/pandita

  19. Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., Chen, Z.: Autocog: Measuring the description-to-permission fidelity in android applications. In: Ahn, G., Yung, M., Li, N. (eds.) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014. pp. 1354–1365. ACM (2014). https://doi.org/10.1145/2660267.2660287

  20. Raghuramu, A., Zang, H., Chuah, C.N.: Uncovering the footprints of malicious traffic in cellular data networks. In: PAM (2015)

  21. Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: NDSS (2014)

  22. Ren, J., Rao, A., Lindorfer, M., Legout, A., Choffnes, D.: Recon: Revealing and controlling pii leaks in mobile network traffic. In: MobiSys (2016)

  23. Sihan, Q.: Research progress on android security. Ruan Jian Xue Bao J. Softw. 1, 27 (2016)

  24. Vallée-Rai, R. Co, P., Gagnon, E., Hendren, L.J., Lam, P., Sundaresan, V.: Soot - a java bytecode optimization framework. In: MacKay, S.A., Johnson, J.H. (eds.) Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative Research, November 8–11, 1999, Mississauga, Ontario, Canada. p. 13. IBM (1999). dl.acm.org/citation.cfm?id=782008

  25. Wang, Z., Li, C., Yuan, Z., Guan, Y., Xue, Y.: Droidchain: a novel android malware detection method based on behavior chains. Pervasive Mob. Comput. 32, 3–14 (2016). https://doi.org/10.1016/j.pmcj.2016.06.018

  26. Wüchner, T., Cislak, A., Ochoa, M., Pretschner, A.: Leveraging compression-based graph mining for behavior-based malware detection. IEEE Trans. Dependable Secur. Comput. 16(1), 99–112 (2019)

  27. Xia, M., Gong, L., Lyu, Y., Qi, Z., Liu, X.: Effective real-time android application auditing. In: S and P (2015)

  28. Yang, W., Xiao, X., Andow, B., Li, S., Xie, T., Enck, W.: Appcontext: Differentiating malicious and benign mobile app behaviors using context. In: Bertolino, A., Canfora, G., Elbaum, S.G. (eds.) 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015, Florence, Italy, May 16–24, 2015, Volume 1. pp. 303–313. IEEE Computer Society (2015). https://doi.org/10.1109/ICSE.2015.50

  29. Zheng, X., Cai, Z.: Privacy-preserved data sharing towards multiple parties in industrial Iots. IEEE J. Sel. Areas Commun. 38(5), 968–979 (2020). https://doi.org/10.1109/JSAC.2020.2980802

  30. Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: S and P (2012)

  31. Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In: 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5–8, 2012. The Internet Society (2012), www.ndss-symposium.org/ndss2012/hey-you-get-my-market-detecting-malicious-apps-official-and-alternative-android-markets

Correspondence to Pengfei Hu.

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Wu, Y. et al. (2022). TraceDroid: Detecting Android Malware by Trace of Privacy Leakage. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13471. Springer, Cham. https://doi.org/10.1007/978-3-031-19208-1_38

  • DOI: https://doi.org/10.1007/978-3-031-19208-1_38

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19207-4

  • Online ISBN: 978-3-031-19208-1

  • eBook Packages: Computer Science, Computer Science (R0)
