- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Understanding the characteristics of invasive malware...
Open Collections
UBC Theses and Dissertations
UBC Theses and Dissertations
Understanding the characteristics of invasive malware from the Google Play Store Cao, Michael
Abstract
This thesis provides a detailed in-depth analysis of Android malware samples that bypassed detection by the Google Play app store and penetrated the official Android market between January 2016 and July 2021. By systematically extracting and analyzing samples from 107 malware families, we identify malicious payloads they execute, conditions guarding execution of the payloads, and other implementation level properties relevant for malware detection. As most samples in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing multiple activation paths and payloads for each sample in form of a control- and data-flow graph. We discuss the capabilities of existing malware detection tools, put them in context of the properties observed in the analyzed samples, and identify possible gaps and future research directions. We believe that our detailed analysis of the recent, evasive malware families will be of interest to researchers and practitioners and will help further improve malware detection tools. We make our annotated dataset of 1238 samples from 134 malware families available for future studies.
Item Metadata
| Title |
Understanding the characteristics of invasive malware from the Google Play Store
|
| Creator | |
| Supervisor | |
| Publisher |
University of British Columbia
|
| Date Issued |
2022
|
| Description |
This thesis provides a detailed in-depth analysis of Android malware samples that bypassed detection by the Google Play app store and penetrated the official Android market between January 2016 and July 2021. By systematically extracting and analyzing samples from 107 malware families, we identify malicious payloads they execute, conditions guarding execution of the payloads, and other implementation level properties relevant for malware detection. As most samples in our dataset contain multiple payloads, each triggered via its own complex activation
logic, we also contribute a graph-based representation showing multiple activation paths and payloads for each sample in form of a control- and data-flow graph. We discuss the capabilities of existing malware detection tools, put them in context of the properties observed in the analyzed samples, and identify possible gaps and future research directions. We believe that our detailed analysis of the recent, evasive malware families will be of interest to researchers and practitioners and will help further improve malware detection tools. We make our annotated dataset of 1238 samples from 134 malware families available for future studies.
|
| Genre | |
| Type | |
| Language |
eng
|
| Date Available |
2022-01-10
|
| Provider |
Vancouver : University of British Columbia Library
|
| Rights |
Attribution-NonCommercial-NoDerivatives 4.0 International
|
| DOI |
10.14288/1.0406233
|
| URI | |
| Degree | |
| Program | |
| Affiliation | |
| Degree Grantor |
University of British Columbia
|
| Graduation Date |
2022-05
|
| Campus | |
| Scholarly Level |
Graduate
|
| Rights URI | |
| Aggregated Source Repository |
DSpace
|
Item Media
Item Citations and Data
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International