Abstract

Xu Hao currently works on security research and development for OSX/iOS applications, and he also has years of experience in Windows security. His main research covers OSX/iOS/Windows security, rootkit attack and detection, virtualization technology, reverse engineering and PKI. He has presented his research at international security conferences including XCON, POC and SYSCAN.
pLL is a PhD student at Shanghai Jiao Tong University in the department of Computer, focusing on program analysis theory and algorithms, including fuzz testing, security checking, reliability verification and automated vulnerability analysis of programs.

[Abstract] Android malware has kept growing in recent years, and traditional signature-based detection cannot protect users from it effectively: existing antivirus software is easily bypassed by simply modifying and repacking the malware. To address this, we developed a static data flow analysis engine, aDFAer. The engine not only identifies malicious operations but also tries to establish a data flow path from the point where private data is accessed to the point where it is leaked; in this way we can detect zero-day malware by its behavior rather than its signature.
Android malware is now adopting various tricks from the age-old desktop world. Reflection is one trick malware uses to obscure its control flow and thwart static code analysis tools. Malware also prefers to trigger hidden functionality through reflection, for example to manipulate the 3G interface. On the other hand, more than 73 percent of Android apps use the reflection mechanism for benign purposes, so a sound methodology is needed to distinguish malware from benign apps. In this talk we show how to reveal the real purpose of a reflective invocation using the aDFAer engine. Furthermore, we detect malware actions such as sending SMS and turning GPRS on or off. Finally, we present our detection results on over 11,000 malware samples and 6,000 benign apps.
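To make the reflection-resolution idea concrete, the following is an added illustration, not aDFAer's code or anything from the talk: a toy forward constant-propagation pass over a constructed Dalvik-like instruction list. It tracks string constants through `Class.forName`/`Class.getMethod` so that a later `Method.invoke` can be mapped back to the concrete API it reaches, then looks that API up in a sink table (the instruction tuple format, the `SINKS` table, and the sample register sequences are all assumptions made for this example). A reflective call whose class or method name is not a compile-time constant is reported as unresolved, which is itself a finding an analyst wants surfaced rather than silently dropped.

```python
"""Toy resolver for reflective calls in a Dalvik-like IR (constructed example).

Not aDFAer's implementation. Instruction tuples are (op, dest_register,
target, arg_registers); the format and the SINKS table are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sensitive APIs worth surfacing, keyed by fully qualified method name.
# Constructed sink table for this example, not the engine's real list.
SINKS = {
    "android.telephony.SmsManager.sendTextMessage": "send SMS",
    "android.net.ConnectivityManager.setMobileDataEnabled": "toggle mobile data",
}


@dataclass(frozen=True)
class Const:          # a string literal held in a register
    value: str


@dataclass(frozen=True)
class ClassRef:       # result of Class.forName on a known constant
    name: str


@dataclass(frozen=True)
class MethodRef:      # result of Class.getMethod on a known class + name
    cls: str
    name: str


UNKNOWN = object()    # value not statically known (runtime-computed, decrypted, ...)

Instr = Tuple[str, Optional[str], str, List[str]]


def analyze(code: List[Instr]) -> List[dict]:
    """Forward pass over one straight-line method body.

    Returns one finding per Method.invoke: the resolved API (or None) and the
    sink behaviour it maps to (or None if benign/unknown).
    """
    env: Dict[str, object] = {}
    findings: List[dict] = []
    for idx, (op, dest, target, args) in enumerate(code):
        if op == "const-string":
            env[dest] = Const(target)
        elif op == "invoke" and target == "java.lang.Class.forName":
            arg = env.get(args[0], UNKNOWN)
            env[dest] = ClassRef(arg.value) if isinstance(arg, Const) else UNKNOWN
        elif op == "invoke" and target == "java.lang.Class.getMethod":
            cls = env.get(args[0], UNKNOWN)
            name = env.get(args[1], UNKNOWN)
            if isinstance(cls, ClassRef) and isinstance(name, Const):
                env[dest] = MethodRef(cls.name, name.value)
            else:
                env[dest] = UNKNOWN
        elif op == "invoke" and target == "java.lang.reflect.Method.invoke":
            m = env.get(args[0], UNKNOWN)
            if isinstance(m, MethodRef):
                fq = f"{m.cls}.{m.name}"
                findings.append({"index": idx, "resolved": fq, "behavior": SINKS.get(fq)})
            else:
                # Opaque reflection: report it so an analyst can follow up.
                findings.append({"index": idx, "resolved": None, "behavior": None})
        elif dest:
            # Any other call or op producing a value we do not model.
            env[dest] = UNKNOWN
    return findings


# Constructed sample: class and method names are plain string constants.
SAMPLE_RESOLVABLE: List[Instr] = [
    ("const-string", "v0", "android.telephony.SmsManager", []),
    ("invoke", "v1", "java.lang.Class.forName", ["v0"]),
    ("const-string", "v2", "sendTextMessage", []),
    ("invoke", "v3", "java.lang.Class.getMethod", ["v1", "v2"]),
    ("invoke", None, "java.lang.reflect.Method.invoke", ["v3", "v4"]),
]

# Constructed sample: class name comes from a call we cannot evaluate statically.
SAMPLE_OPAQUE: List[Instr] = [
    ("invoke", "v0", "com.example.Obf.decrypt", ["v5"]),  # hypothetical helper
    ("invoke", "v1", "java.lang.Class.forName", ["v0"]),
    ("const-string", "v2", "sendTextMessage", []),
    ("invoke", "v3", "java.lang.Class.getMethod", ["v1", "v2"]),
    ("invoke", None, "java.lang.reflect.Method.invoke", ["v3", "v4"]),
]

if __name__ == "__main__":
    for label, sample in (("resolvable", SAMPLE_RESOLVABLE), ("opaque", SAMPLE_OPAQUE)):
        print(label, analyze(sample))
```

The pass is deliberately intra-procedural and path-insensitive; a real engine would have to follow the string through inter-procedural data flow, string builders and decryption routines, which is exactly the part where benign and malicious uses of reflection start to look alike and where a source-to-sink path, rather than the reflective call alone, is needed to decide.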

Slides