计算机科学
Android(操作系统)
恶意软件
静态分析
仿真
许可
操作系统
嵌入式系统
计算机安全
作弊
Android恶意软件
服务器
恶意软件分析
程序分析
信息敏感性
系统调用
树莓皮
仿人机器人
Android应用程序
动态程序分析
线程(计算)
移动设备
黑名单
软件错误
静态程序分析
电子邮件
作者
Ran Yan,Weina Niu,Qinsheng Hou,Xingyu Liu,Lingyun Ying,Xiaosong Zhang
标识
DOI:10.1109/tdsc.2025.3629678
摘要
For compatibility checks and preventing malicious cheating behaviors in Android systems, It is convenient for benign app developers to utilize emulation-detection technology. However, this technique has been abused by malicious app developers, which causes detection emulation and behavior change, known as anti-emulation behavior, to evade the dynamic analysis performed via the Android emulator. The Android permission mechanism can limit some anti-emulation behaviors, but attackers can still use permission-independent (PI) emulation-detection technology to achieve their goals. In this paper, we propose a static and dynamic combined detection framework named PIEDChecker to detect PI emulation-detection apps. This framework can statically identify PI emulation-detection code and dynamically verify PI anti-emulation behaviors. PIEDChecker's performance is validated by 382 manually created test apps and 344 apps with emulation-detection labels. Moreover, PIEDChecker has higher accuracy in detecting PI emulation-detection compared with the existing Android malware analysis platforms and academic methods. Moreover, it is found that there are 13,377 apps having PI emulation-detection behaviors within the tested 25,303 apps collected over the past five years. In particular, the detection features of the PI emulation-detection methods are summarized based on the evaluation result.
科研通智能强力驱动
Strongly Powered by AbleSci AI