A Longitudinal Study of Cryptographic API: a Decade of Android
Malware

D 2022

A Longitudinal Study of Cryptographic API: a Decade of Android Malware

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ, Giorgio GIACINTO et. al.

Základní údaje

Originální název

A Longitudinal Study of Cryptographic API: a Decade of Android Malware

Název česky

Longitudální studie kryptografického API: Dékáda malwaru na platformě Android

Autoři

JANOVSKÝ, Adam (203 Česká republika, garant, domácí), Davide MAIORCA (380 Itálie), Dominik MACKO (703 Slovensko, domácí), Václav MATYÁŠ (203 Česká republika, domácí) a Giorgio GIACINTO (380 Itálie)

Vydání

Portugal, Proceedings of the 19th International Conference on Security and Cryptography, od s. 121-133, 13 s. 2022

Nakladatel

SCITEPRESS

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Portugalsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Kód RIV

RIV/00216224:14330/22:00126229

Organizační jednotka

Fakulta informatiky

ISBN

978-989-758-590-6

ISSN

DOI

http://dx.doi.org/10.5220/0011265300003283

UT WoS

000853004900010

Klíčová slova anglicky

Cryptographic API; Malware; Android; Malware Detection

Štítky

core_B, firank_B

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 14. 5. 2024 12:44, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.

Návaznosti

GA20-03426S, projekt VaV

Název: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

Investor: Grantová agentura ČR, Ověření a zlepšení bezpečnosti kryptografie eliptických křivek

MUNI/A/1076/2019, interní kód MU

Název: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20 (Akronym: SKOMU)

Investor: Masarykova univerzita, Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 20, DO R. 2020_Kategorie A - Specifický výzkum - Studentské výzkumné projekty

Citovat

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ a Giorgio GIACINTO. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. In Sabrina De Capitani di Vimercati and Pierangela Samarati. Proceedings of the 19th International Conference on Security and Cryptography. Portugal: SCITEPRESS, 2022, s. 121-133. ISBN 978-989-758-590-6. Dostupné z: https://dx.doi.org/10.5220/0011265300003283.

@inproceedings{1874340,
   author = {Janovský, Adam and Maiorca, Davide and Macko, Dominik and Matyáš, Václav and Giacinto, Giorgio},
   address = {Portugal},
   booktitle = {Proceedings of the 19th International Conference on Security and Cryptography},
   doi = {http://dx.doi.org/10.5220/0011265300003283},
   editor = {Sabrina De Capitani di Vimercati and Pierangela Samarati},
   keywords = {Cryptographic API; Malware; Android; Malware Detection},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Portugal},
   isbn = {978-989-758-590-6},
   pages = {121-133},
   publisher = {SCITEPRESS},
   title = {A Longitudinal Study of Cryptographic API: a Decade of Android Malware},
   year = {2022}
}

TY  - JOUR
ID  - 1874340
AU  - Janovský, Adam - Maiorca, Davide - Macko, Dominik - Matyáš, Václav - Giacinto, Giorgio
PY  - 2022
TI  - A Longitudinal Study of Cryptographic API: a Decade of Android Malware
PB  - SCITEPRESS
CY  - Portugal
SN  - 9789897585906
KW  - Cryptographic API
KW  - Malware
KW  - Android
KW  - Malware Detection
N2  - Cryptography has been extensively used in Android applications to guarantee secure communications, conceal critical data from reverse engineering, or ensure mobile users’ privacy. Various system-based and third-party libraries for Android provide cryptographic functionalities, and previous works mainly explored the misuse of cryptographic API in benign applications. However, the role of cryptographic API has not yet been explored in Android malware. This paper performs a comprehensive, longitudinal analysis of cryptographic API in Android malware. In particular, we analyzed 603937 Android applications (half of them malicious, half benign) released between 2012 and 2020, gathering more than 1 million cryptographic API expressions. Our results reveal intriguing trends and insights on how and why cryptography is employed in Android malware. For instance, we point out the widespread use of weak hash functions and the late transition from insecure DES to AES. Additionally, we show that cryptography-related characteristics can help to improve the performance of learning-based systems in detecting malicious applications.
ER  -

JANOVSKÝ, Adam, Davide MAIORCA, Dominik MACKO, Václav MATYÁŠ a Giorgio GIACINTO. A Longitudinal Study of Cryptographic API: a Decade of Android Malware. In Sabrina De Capitani di Vimercati and Pierangela Samarati. \textit{Proceedings of the 19th International Conference on Security and Cryptography}. Portugal: SCITEPRESS, 2022, s.~121-133. ISBN~978-989-758-590-6. Dostupné z: https://dx.doi.org/10.5220/0011265300003283.

Podrobný výpis o publikaci