Name
Abstract | ||
|---|---|---|
Modern Android malwares tend to use advanced techniques to cover their malicious behaviors. They usually feature multi-staged, condition-guarded and environment-specific payloads. An increasing number of them utilize WebView, particularly the two-way communications between Java and JavaScript, to evade detection and analysis of existing techniques. We propose Dual-Force, a forced execution technique which simultaneously forces both Java and JavaScript code of WebView applications to execute along various paths without requiring any environment setup or providing any inputs manually. As such, the hidden payloads of WebView malwares are forcefully exposed. The technique features a novel execution model that allows forced execution to suppress exceptions and continue execution. Experimental results show that Dual-Force precisely exposes malicious payload in 119 out of 150 WebView malwares. Compared to the state-of-the-art, Dual-Force can expose 23% more malicious behaviors.
|
Year | DOI | Venue |
|---|---|---|
2018 | 10.1145/3238147.3238221 | ASE |
Keywords | Field | DocType |
WebView malware, forced execution, dynamic analysis | Android (operating system),Computer science,Theoretical computer science,Execution model,Malware,Java,Operating system,JavaScript,Payload | Conference |
ISSN | ISBN | Citations |
1527-1366 | 978-1-4503-5937-5 | 1 |
PageRank | References | Authors |
0.36 | 20 | 7 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Zhenhao Tang | 1 | 1 | 2.05 |
| Juan Zhai | 2 | 67 | 8.56 |
| Minxue Pan | 3 | 7 | 5.19 |
| Yousra Aafer | 4 | 264 | 13.36 |
| Shiqing Ma | 5 | 67 | 9.00 |
| Xiangyu Zhang | 6 | 2857 | 151.00 |
| Zhao Jianhua | 7 | 327 | 44.13 |