Falcarin, P; Venerba, M; De Giorgi, M; Sarro, F; (2025) Detection of Reverse Engineering Activities before the Attack. In: Proceedings 10th IEEE European Symposium on Security and Privacy Workshops Euro S and Pw 2025. (pp. pp. 703-710). IEEE: Venice, Italy.

Preview

Text Sarro_android.pdf - Accepted Version Download (566kB) | Preview

Abstract

In typical cybersecurity scenarios, one aims at detecting attacks after the fact: in this work, we aim at applying an active defence, by detecting activities of attackers trying to analyse and reverse engineer the code of an Android app, before they will be able to perform an attack by tampering with the application code. We instrumented an app to collect various runtime data before and after deployment, in normal behaviour and under malicious analysis. We introduce the concept of partial execution paths as subsets of a program trace suddenly interrupted, as possible indicators of debugging activities. Such clues, along with system calls sequences and delays between them, stack information, and sensors data, are all data that are collected to help our system in deciding whether our app is under analysis and its device has to be considered compromised.

Download activity - last month

Export as XMLCSVJSON

Download activity - last 12 months

Export as JSONXMLCSV

Downloads by country - last 12 months

Export as CSVXMLJSON

Archive Staff Only

View Item