Since just-in-time (JIT) has considerable overhead to detect hot spots and compile them at runtime, using sophisticated optimization techniques for embedded devices means that any resulting performance improvements will be limited. In this paper, we introduce a novel static Dalvik bytecode optimization framework, as a complementary compilation of the Dalvik virtual machine, to improve the performance of Android applications. Our system generates optimized Dalvik bytecodes by using Low Level Virtual Machine (LLVM). A major obstacle in using LLVM for optimizing Dalvik bytecodes is determining how to handle the high-level language features of the Dalvik bytecode in LLVM IR and how to optimize LLVM IR conforming to the language information of the Dalvik bytecode. To this end, we annotate the high-level language features of Dalvik bytecode to LLVM IR and successfully optimize Dalvik bytecodes through instruction selection processes. Our experimental results show that our system with JIT improves the performance of Android applications by up to 6.08 times, and surpasses JIT by up to 4.34 times.
ISBN (print): 9781509007097
Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence, in this paper we present an n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode features showed that an f-measure of 98% is achievable using this approach.
ISBN (print): 9781450307130
The execution environment of the Android system is based on a virtual machine called the Dalvik virtual machine (DVM), in which the execution of an application program is in interpret-mode. To reduce the interpretation overhead of DVM, Google has included a trace-based just-in-time compiler (JITC) in the latest version of Android. Due to limited resources and the requirement for reasonable response time, the JITC is unable to apply deep optimizations to generate high quality code. In this paper, we propose a method-based ahead-of-time compiler (AOTC), called Icing, to speed up the execution of Android applications without the modification of any components of the Android framework. The main idea of Icing is to convert the hot methods of an application program from DEX code to C code and use the GCC compiler to translate the C code to the corresponding native code. With the Java Native Interface (JNI) library, the translated native code can be called by DVM. Both AOTC and JITC have their strengths and weaknesses. In order to combine the strengths and avoid the weaknesses of AOTC and JITC, in Icing, we have proposed a cost model to determine whether a method should be handled by AOTC or JITC during profiling. To evaluate the performance of Icing, four benchmarks used by Google JITC are used as test cases. The performance results show that, with Icing, the execution time of an application is two to three times faster than that without JITC, and 25% to 110% faster than that with JITC.
ISBN (digital): 9789811534188
ISBN (print): 9789811534188; 9789811534171
The explosive growth of Android malware poses a great threat to users' privacy and sensitive personal information. It is urgent to develop an effective and efficient Android malware detection system. Existing studies usually require manual feature engineering for the feature extraction. In fact, the detection performance relies heavily on the quality of the feature extraction. Additionally, the feature extraction becomes extremely difficult in malware detection due to the fact that malware developers often deploy obfuscation techniques. To address this issue, we focus on Android malware detection using deep neural networks without the human factors. In this paper, we propose ByteDroid, an Android malware detection scheme that processes the raw Dalvik bytecode using deep learning. ByteDroid resizes the raw bytecode and constructs a learnable vector representation as the input to the neural network. Then, ByteDroid adopts Convolutional Neural Networks (CNNs) to automatically extract the malware features and perform the classification. Our experiment results demonstrate that ByteDroid not only can effectively detect Android malware, but also has a great generalization performance given untrained malware. Moreover, ByteDroid maintains resilience to obfuscation techniques.
ISBN (print): 9781538643877
Android is an open source mobile operating system represented by the Open Handset Alliance (OHA), developed by Google and other organizations since 2007, which has taken up most of the market share of smart devices. However, the applications on the platform are facing increasingly serious security threats. Although the Android system itself provides a set of security mechanisms to protect the safety of the system and applications, there are still many security risks. In order to hide the vulnerability of the applications and prevent malicious users from tampering with the apps, multiple anti-analysis methods have been applied by many Android packers to consolidate the apps. Bytecode-hiding is one of the most effective anti-analysis methods, which can extract some bytecode from the Dex files and hide it from the vision of malicious analysts. Mostly, the hidden bytecode is encrypted and can be recovered at runtime. But the conventional bytecode-hiding methods are always low-efficient and unsafe on some occasions, where the hidden bytecode can be recovered by the malicious analysts in some way. In this paper, we propose a bytecode-hiding scheme based on Ahead-Of-Time (AOT) compilation, called DroidPro, which can compile some chosen bytecode of Dex files of apps to native code ahead of time, which will be much harder to reverse. In our experiments, the apps packed by the packer associated with our bytecode-hiding scheme are more efficient and safer than other packers that use other bytecode-hiding schemes.