{"title":"Detecting Suspicious Conditional Statement using App Execution Log","authors":"Sumin Lee, Minho Park, Jiman Hong","doi":"10.1145/3555776.3577722","DOIUrl":null,"url":null,"abstract":"Because1 the logic bomb performs malicious behaviors only within the branch that triggers the malicious behaviors, if the branch can be easily found, malicious behaviors can be detected efficiently. Existing malicious app analysis tools look for branches that trigger malicious behaviors based on static analysis, so if reflection is used in the app, this branch statement cannot be found properly. Therefore, in this paper, we propose an app execution log-based suspicious conditional statement detection tool that can detect suspicious conditional statements even when reflection is used. The proposed detection tool which is implemented on the android-10.0.0_r47 version of AOSP(Android Open Source Project) can check the branch statement and information about called method while the app is executing, including the method called by reflection. Also, since suspicious conditional statements are detected by checking the method call flow related to branch statements in the execution log, there is no need to examine all branch statements in the app. 
Experimental results show that the proposed detection tool can detect suspicious conditional statements regardless of the use of reflection.","PeriodicalId":42971,"journal":{"name":"Applied Computing Review","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Computing Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3555776.3577722","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 1
Abstract
Because a logic bomb performs its malicious behaviors only within the branch that triggers them, malicious behaviors can be detected efficiently if that branch can be easily found. Existing malicious app analysis tools look for branches that trigger malicious behaviors based on static analysis, so if reflection is used in the app, this branch statement cannot be found properly. Therefore, in this paper, we propose an app execution log-based suspicious conditional statement detection tool that can detect suspicious conditional statements even when reflection is used. The proposed detection tool, which is implemented on the android-10.0.0_r47 version of AOSP (Android Open Source Project), can check branch statements and information about called methods while the app is executing, including methods called by reflection. Also, since suspicious conditional statements are detected by checking the method call flow related to branch statements in the execution log, there is no need to examine all branch statements in the app. Experimental results show that the proposed detection tool can detect suspicious conditional statements regardless of the use of reflection.