Abstract
Modern Android malwares tend to use advanced techniques to cover their malicious behaviors. They usually feature multi-staged, condition-guarded and environment-specific payloads. An increasing number of them utilize WebView, particularly the two-way communications between Java and JavaScript, to evade detection and analysis of existing techniques. We propose Dual-Force, a forced execution technique which simultaneously forces both Java and JavaScript code of WebView applications to execute along various paths without requiring any environment setup or providing any inputs manually. As such, the hidden payloads of WebView malwares are forcefully exposed. The technique features a novel execution model that allows forced execution to suppress exceptions and continue execution. Experimental results show that Dual-Force precisely exposes malicious payload in 119 out of 150 WebView malwares. Compared to the state-of-the-art, Dual-Force can expose 23% more malicious behaviors.
Author supplied keywords
Cite
CITATION STYLE
Tang, Z., Zhai, J., Pan, M., Aafer, Y., Ma, S., Zhang, X., & Zhao, J. (2018). Dual-force: Understanding webview malware via cross-language forced execution. In ASE 2018 - Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (pp. 714–725). Association for Computing Machinery, Inc. https://doi.org/10.1145/3238147.3238221
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.