FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4302016191> ?p ?o ?g. }

• W4302016191 abstract "<p>From a little research experiment to an essential component of military arsenals, malicious software has constantly been growing and evolving for more than three decades. On the other hand, from a negligible market share, the Android operating system is nowadays the most widely used mobile operating system, becoming a desirable target for large-scale malware distribution. While scientific literature has followed this trend, one aspect has been understudied: the role of native code in malicious Android apps. Android apps are written in high-level languages, but thanks to the Java Native Interface (JNI), Android also supports calling native (C/C++) library functions. While allowing native code in Android apps has a strong positive impact from a performance perspective, it dramatically complicates its analysis because bytecode and native code need different abstractions and analysis algorithms, and they thus pose different challenges and limitations. Consequently, these difficulties are often (ab)used to hide malicious payloads. In this work, we propose a novel methodology to reverse engineering Android apps focusing on suspicious patterns related to native components, i.e., surreptitious code that requires further inspection. We implemented a static analysis tool based on such methodology, which can bridge the “Java” and the native worlds and perform an in-depth analysis of tag code blocks responsible for suspicious behavior. These tags benefit the human facing the reverse engineering task: they clearly indicate which part of the code to focus on to find malicious code. Then, we performed a longitudinal analysis of Android malware over the past ten years and compared the recent malicious samples with actual top apps on the Google Play Store. Our work depicts typical behaviors of modern malware, its evolution, and how it abuses the native layer to complicate the analysis, especially with dynamic code loading and novel anti-analysis techniques. Finally, we show a use case for our suspicious tags: we trained and tested a machine learning algorithm for a binary classification task. Even if suspicious does not imply malicious, our classifier obtained a remarkable F1-score of 0.97, showing that our methodology can be helpful to both humans and machines.</p>" @default.
• W4302016191 created "2022-10-06" @default.
• W4302016191 creator A5008696869 @default.
• W4302016191 creator A5025601945 @default.
• W4302016191 creator A5028208967 @default.
• W4302016191 creator A5030403848 @default.
• W4302016191 creator A5077703323 @default.
• W4302016191 creator A5086859505 @default.
• W4302016191 date "2022-10-05" @default.
• W4302016191 modified "2023-10-16" @default.
• W4302016191 title "The Dark Side of Native Code on Android" @default.
• W4302016191 doi "https://doi.org/10.36227/techrxiv.21220247.v1" @default.
• W4302016191 hasPublicationYear "2022" @default.
• W4302016191 type Work @default.
• W4302016191 citedByCount "0" @default.
• W4302016191 crossrefType "posted-content" @default.
• W4302016191 hasAuthorship W4302016191A5008696869 @default.
• W4302016191 hasAuthorship W4302016191A5025601945 @default.
• W4302016191 hasAuthorship W4302016191A5028208967 @default.
• W4302016191 hasAuthorship W4302016191A5030403848 @default.
• W4302016191 hasAuthorship W4302016191A5077703323 @default.
• W4302016191 hasAuthorship W4302016191A5086859505 @default.
• W4302016191 hasBestOaLocation W43020161911 @default.
• W4302016191 hasConcept C111919701 @default.
• W4302016191 hasConcept C115168132 @default.
• W4302016191 hasConcept C169590947 @default.
• W4302016191 hasConcept C199360897 @default.
• W4302016191 hasConcept C207850805 @default.
• W4302016191 hasConcept C2778579508 @default.
• W4302016191 hasConcept C2779395397 @default.
• W4302016191 hasConcept C2779818221 @default.
• W4302016191 hasConcept C38652104 @default.
• W4302016191 hasConcept C41008148 @default.
• W4302016191 hasConcept C43126263 @default.
• W4302016191 hasConcept C541664917 @default.
• W4302016191 hasConcept C548217200 @default.
• W4302016191 hasConcept C557433098 @default.
• W4302016191 hasConcept C97686452 @default.
• W4302016191 hasConceptScore W4302016191C111919701 @default.
• W4302016191 hasConceptScore W4302016191C115168132 @default.
• W4302016191 hasConceptScore W4302016191C169590947 @default.
• W4302016191 hasConceptScore W4302016191C199360897 @default.
• W4302016191 hasConceptScore W4302016191C207850805 @default.
• W4302016191 hasConceptScore W4302016191C2778579508 @default.
• W4302016191 hasConceptScore W4302016191C2779395397 @default.
• W4302016191 hasConceptScore W4302016191C2779818221 @default.
• W4302016191 hasConceptScore W4302016191C38652104 @default.
• W4302016191 hasConceptScore W4302016191C41008148 @default.
• W4302016191 hasConceptScore W4302016191C43126263 @default.
• W4302016191 hasConceptScore W4302016191C541664917 @default.
• W4302016191 hasConceptScore W4302016191C548217200 @default.
• W4302016191 hasConceptScore W4302016191C557433098 @default.
• W4302016191 hasConceptScore W4302016191C97686452 @default.
• W4302016191 hasLocation W43020161911 @default.
• W4302016191 hasLocation W43020161912 @default.
• W4302016191 hasOpenAccess W4302016191 @default.
• W4302016191 hasPrimaryLocation W43020161911 @default.
• W4302016191 hasRelatedWork W2286416179 @default.
• W4302016191 hasRelatedWork W2587046957 @default.
• W4302016191 hasRelatedWork W2770445302 @default.
• W4302016191 hasRelatedWork W2969365378 @default.
• W4302016191 hasRelatedWork W3135174262 @default.
• W4302016191 hasRelatedWork W4225920890 @default.
• W4302016191 hasRelatedWork W4285662085 @default.
• W4302016191 hasRelatedWork W4302016191 @default.
• W4302016191 hasRelatedWork W4302016192 @default.
• W4302016191 hasRelatedWork W4311731381 @default.
• W4302016191 isParatext "false" @default.
• W4302016191 isRetracted "false" @default.
• W4302016191 workType "article" @default.