
LEILA: formaL tool for idEntifying mobIle maLicious behAviour

With the increasing diffusion of mobile technologies, nowadays mobile devices represent an irreplaceable tool to perform several operations, from posting a status on a social network to transferring money between bank accounts. As a consequence, mobile devices store a huge amount of private and sensitive information, and this is the reason why attackers are developing very sophisticated techniques to extort data and money from our devices. This paper presents the design and the implementation of LEILA (formaL tool for idEntifying mobIle maLicious behAviour), a tool targeted at the detection of Android malware families. LEILA is based on a novel approach that exploits model checking to analyse and verify the Java Bytecode that is produced when the source code is compiled. After a thorough description of the method used for the detection of Android malware families, we report the experiments we have conducted using LEILA. The experiments demonstrated that the tool is effective in detecting malicious behaviour and, especially, in localizing the payload within the code: we evaluated real-world malware belonging to several widespread families, obtaining an accuracy ranging between 0.97 and 1.

IEEE Transactions on Software Engineering, 2018

External authors: Gerardo Canfora (Dipartimento di Ingegneria, Università degli Studi del Sannio), Vittoria Nardone (Dipartimento di Ingegneria, Università degli Studi del Sannio), Corrado Aaron Visaggio (Dipartimento di Ingegneria, Università degli Studi del Sannio), Antonella Santone (Dipartimento di Bioscienze e Territorio, Università degli Studi del Molise)
IIT authors:

Type: Contribution in ISI journal
Discipline area: Computer Science & Engineering

File: leila-formal_tool.pdf

Activity: Formal methods for the security of ICT systems
Security of mobile devices