rasta
This commit is contained in:
Jean-Marie Mineau
parent
fe6dbb1d22
commit
e794c037e8
GPG key ID:
B66AEEDA9B645AD2
10 changed files with 377 additions and 52 deletions
|
|
@ -1,11 +1,11 @@
|
|||
#import "../lib.typ": todo, highlight, num, paragraph, SDK, APK, DEX, FR, APKs
|
||||
#import "../lib.typ": todo, highlight-block, num, paragraph, SDK, APK, DEX, FR, APKs
|
||||
#import "X_var.typ": *
|
||||
#import "X_lib.typ": *
|
||||
|
||||
== Experiments <sec:rasta-xp>
|
||||
|
||||
|
||||
=== RQ1: Re-Usability Evaluation
|
||||
=== #rq1: Re-Usability Evaluation
|
||||
|
||||
|
||||
#figure(
|
||||
|
|
@ -104,14 +104,14 @@ As a summary, the final ratio of successful analysis for the tools that we could
|
|||
is #mypercent(54.9, 100).
|
||||
When including the two defective tools, this ratio drops to #mypercent(49.9, 100).
|
||||
|
||||
#highlight()[
|
||||
*RQ1 answer:*
|
||||
#highlight-block()[
|
||||
*#rq1 answer:*
|
||||
On a recent dataset we consider that #resultunusable of the tools are unusable.
|
||||
For the tools that we could run, #resultratio of analysis are finishing successfully.
|
||||
//(those with less than 50% of successful execution and including the two tools that we were unable to build).
|
||||
]
|
||||
|
||||
=== RQ2: Size, #SDK and Date Influence
|
||||
=== #rq2: Size, #SDK and Date Influence
|
||||
|
||||
#todo[alt text for fig rasta-exit-evolution-java and rasta-exit-evolution-not-java]
|
||||
|
||||
|
|
@ -262,8 +262,8 @@ We performed similar experiments by variating the min #SDK and target #SDK versi
|
|||
We found that contrary to the target #SDK, the min #SDK version has an impact on the finishing rate of Java based tools: 8 tools over 12 are below 50% after #SDK 16.
|
||||
It is not surprising, as the min #SDK is highly correlated to the year.
|
||||
|
||||
#highlight(breakable: false)[
|
||||
*RQ2 answer:*
|
||||
#highlight-block(breakable: false)[
|
||||
*#rq2 answer:*
|
||||
For the #nbtoolsselected tools that can be used partially, a global decrease of the success rate of tools' analysis is observed over time.
|
||||
Starting at 78% of success rate, after five years, tools have 61% of success; after ten years, 45% of success.
|
||||
The success rate varies based on the size of bytecode and #SDK version.
|
||||
|
|
@ -271,7 +271,7 @@ The date is also correlated with the success rate for Java based tools only.
|
|||
]
|
||||
|
||||
|
||||
=== RQ3: Malware vs Goodware <sec:rasta-mal-vs-good>
|
||||
=== #rq3: Malware vs Goodware <sec:rasta-mal-vs-good>
|
||||
|
||||
#figure({
|
||||
show table: set text(size: 0.80em)
|
||||
|
|
@ -446,7 +446,7 @@ It goes from 1.03 for the 2#super[nd] decile to 0.67 in the 9#super[th] decile.
|
|||
We conclude from this table that, at equal size, analyzing malware still triggers less errors than for goodware, and that the difference of errors generated between when analyzing a goodware and analyzing a malware increase with the bytecode size.
|
||||
|
||||
|
||||
#highlight()[
|
||||
*RQ3 answer:*
|
||||
#highlight-block()[
|
||||
*#rq3 answer:*
|
||||
Analyzing malware applications triggers less errors for static analysis tools than analyzing goodware for comparable bytecode size.
|
||||
]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue