TaintBench: Automatic real-world malware benchmarking of Android taint analyses
release_lacwyfdxwjbrpdsayg6qbnunra
by
Linghui Luo, Felix Pauck, Goran Piskachev, Manuel Benz, Ivan Pashchenko, Martin Mory, Eric Bodden, Ben Hermann, Fabio Massacci
2021 Volume 27
Abstract
<jats:title>Abstract</jats:title>Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents <jats:sc>TaintBench</jats:sc>, the first real-world <jats:italic>malware</jats:italic> benchmark suite with documented taint flows. <jats:sc>TaintBench</jats:sc> benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the <jats:sc>TaintBench</jats:sc> suite, we introduce the <jats:sc>TaintBench</jats:sc> framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts' performance and perceived usability when documenting and inspecting taint flows. Second, experiments using <jats:sc>TaintBench</jats:sc> reveal new insights for the taint analysis tools <jats:sc>Amandroid</jats:sc> and <jats:sc>FlowDroid</jats:sc>: (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools' accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.
In application/xml+jats
format
Archived Files and Locations
application/pdf 4.6 MB
file_zenxgrkqunauvi4xb4a3couacq
|
link.springer.com (publisher) web.archive.org (webarchive) |
access all versions, variants, and formats of this works (eg, pre-prints)
Crossref Metadata (via API)
Worldcat
SHERPA/RoMEO (journal policies)
wikidata.org
CORE.ac.uk
Semantic Scholar
Google Scholar