This commit is contained in:
Jean-Marie Mineau
parent
5a71a9d5dd
commit
81f49f87d3
GPG key ID:
B66AEEDA9B645AD2
16 changed files with 267 additions and 202 deletions
|
|
@ -21,11 +21,11 @@ The observation of the success or failure of these analysis enables us to answer
|
|||
/ RQ3: Does the reusability of tools change when analyzing goodware compared to malware? <rq-3>
|
||||
|
||||
/*
|
||||
As a summary, the contributions of this paper are the following:
|
||||
As a summary, the contributions of this chapterare the following:
|
||||
|
||||
- We provide containers with a compiled version of all studied analysis tools, which ensures the reproducibility of our experiments and an easy way to analyse applications for other researchers. Additionally receipts for rebuilding such containers are provided.
|
||||
- We provide a recent dataset of #NBTOTALSTRING applications balanced over the time interval 2010-2023.
|
||||
- We point out which static analysis tools of Li #etal SLR paper@Li2017 can safely be used and we show that #resultunusable of evaluated tools are unusable (considering that a tool that fails more than 50% of time is unusable). In total, the success rate of the tools we could run is #resultratio on our dataset.
|
||||
- We point out which static analysis tools of Li #etal SLR~@Li2017 can safely be used and we show that #resultunusable of evaluated tools are unusable (considering that a tool that fails more than 50% of time is unusable). In total, the success rate of the tools we could run is #resultratio on our dataset.
|
||||
- We discuss the effect of applications features (date, size, SDK version, goodware/malware) on static analysis tools and the nature of the issues we found by studying statistics on the errors captured during our experiments.
|
||||
*/
|
||||
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ We refer to this variant of usage as androguard_dad.
|
|||
|
||||
Finally, starting with #nbtools tools of @tab:rasta-tools, with the two variations of IC3 and Androguard, we have in total #nbtoolsselectedvariations static analysis tools to evaluate in which two tools cannot be built and will be considered as always failing.
|
||||
|
||||
=== Source Code Selection and Building Process
|
||||
=== Source Code Selection and Building Process <sec:rasta-src-select>
|
||||
|
||||
#figure({
|
||||
show table: set text(size: 0.80em)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
|
||||
== Conclusion <sec:rasta-conclusion>
|
||||
|
||||
#todo[Ca serait bien de faire un PR ou deux a Jadx/Androguard/Soot quand même]
|
||||
|
||||
Since the release of Android, many tools have been published in order to analyse Android application.
|
||||
In @sec:bg, we went through contributions benchmarking and comparing some of those tools.
|
||||
Those contributions suggested that analysing real-world applications might be more of a challenged than expected.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue