Explaining the Use of Cryptographic API in Android Malware

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00131871" target="_blank" >RIV/00216224:14330/23:00131871 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-031-45137-9_4" target="_blank" >http://dx.doi.org/10.1007/978-3-031-45137-9_4</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-45137-9_4" target="_blank" >10.1007/978-3-031-45137-9_4</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Explaining the Use of Cryptographic API in Android Malware

Popis výsledku v původním jazyce

Cryptography allows for guaranteeing secure communications, concealing critical data from reverse engineering, or ensuring mobile users’ privacy. Android malware developers extensively leveraged cryptographic libraries to obfuscate and hide malicious behavior. Various system-based and third-party libraries provide cryptographic functionalities for Android, and their use and misuse by application developers have already been documented. This paper analyzes the use of cryptographic APIs in Android malware by comparing them to benign Android applications. In particular, Android applications released between 2012 and 2020 have been analyzed, and more than 1 million cryptographic API expressions have been gathered. We created a processing pipeline to produce a report to reveal trends and insights on how and why cryptography is employed in Android malware. Results showed that the usage of cryptographic APIs in malware differs from that made in benign applications. The different patterns in the use of cryptographic APIs in malware and benign applications have been further analyzed through the explanations of Android malware detectors based on machine learning approaches, showing how crypto-related features can improve detection performances. We observed that the transition to more robust cryptographic techniques is slower in Android malware than in benign applications.

Název v anglickém jazyce

Explaining the Use of Cryptographic API in Android Malware

Popis výsledku anglicky

Cryptography allows for guaranteeing secure communications, concealing critical data from reverse engineering, or ensuring mobile users’ privacy. Android malware developers extensively leveraged cryptographic libraries to obfuscate and hide malicious behavior. Various system-based and third-party libraries provide cryptographic functionalities for Android, and their use and misuse by application developers have already been documented. This paper analyzes the use of cryptographic APIs in Android malware by comparing them to benign Android applications. In particular, Android applications released between 2012 and 2020 have been analyzed, and more than 1 million cryptographic API expressions have been gathered. We created a processing pipeline to produce a report to reveal trends and insights on how and why cryptography is employed in Android malware. Results showed that the usage of cryptographic APIs in malware differs from that made in benign applications. The different patterns in the use of cryptographic APIs in malware and benign applications have been further analyzed through the explanations of Android malware detectors based on machine learning approaches, showing how crypto-related features can improve detection performances. We observed that the transition to more robust cryptographic techniques is slower in Android malware than in benign applications.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/GA20-03426S" target="_blank" >GA20-03426S: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

E-Business and Telecommunications

ISBN

9783031451362

ISSN

1865-0929

e-ISSN

—

Počet stran výsledku

29

Strana od-do

69-97

Název nakladatele

Springer Nature Switzerland

Místo vydání

Cham

Místo konání akce

Cham

Datum konání akce

1. 1. 2023

Typ akce podle státní příslušnosti

CST - Celostátní akce

Kód UT WoS článku

—