these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

wip

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-10-01 15:51:12 +02:00
parent 346151125e
commit b5583dbae9
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
8 changed files with 110 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

56
3_rasta/3_experiments.typ
View file

@ -121,8 +121,9 @@ For the tools that we could run, #resultratio of analyses are finishing successf
width: 50%,
alt: ""
),
caption: [Java-based tools],
supplement: [Subfigure],
caption: [a) Java-based tools],
supplement: none,
kind: "sub-rasta-exit-evolution"
) <fig:rasta-exit-evolution-java>],
[#figure(
image(
@ -130,17 +131,18 @@ For the tools that we could run, #resultratio of analyses are finishing successf
width: 50%,
alt: "",
),
caption: [Non-Java-based tools],
supplement: [Subfigure],
caption: [b) Non-Java-based tools],
supplement: none,
kind: "sub-rasta-exit-evolution"
) <fig:rasta-exit-evolution-not-java>]
), caption: [Exit status evolution for the Rasta dataset]
)
) <fig:rasta-exit-evolution>
For investigating the effect of application dates on the tools, we computed the date of each #APK based on the minimum date between the first upload in AndroZoo and the first analysis in VirusTotal.
Such a computation is more reliable than using the #DEX date, which is often obfuscated when packaging the application.
Then, for the sake of clarity of our results, we separated the tools that have mainly Java source code from those that use other languages.
Among the ones that are Java-based programs, most of them use the Soot framework, which may correlate the obtained results.
@fig:rasta-exit-evolution-java (resp. @fig:rasta-exit-evolution-not-java) compares the success rate of the tools between 2010 and 2023 for Java-based tools (resp. non Java-based tools).
@fig:rasta-exit-evolution a) (resp. @fig:rasta-exit-evolution b)) compares the success rate of the tools between 2010 and 2023 for Java-based tools (resp. non Java-based tools).
For Java-based tools, a clear decrease in finishing rate can be observed globally for all tools.
For non-Java-based tools, 2 of them keep a high success rate (Androguard, Mallodroid).
The result is expected for Androguard, because the analysis is relatively simple and the tool is largely adopted, as previously mentioned.
@ -186,8 +188,9 @@ To compare the influence of the date, #SDK version and size of applications, we
width: 50%,
alt: ""
),
caption: [Java-based tools],
supplement: [Subfigure],
caption: [a) Java-based tools],
kind: "sub-rasta-decorelation-size-2022",
supplement: none,
) <fig:rasta-rate-evolution-java-2022>],
[#figure(
image(
@ -195,15 +198,16 @@ To compare the influence of the date, #SDK version and size of applications, we
width: 50%,
alt: "",
),
caption: [Non-Java-based tools],
supplement: [Subfigure],
caption: [b) Non-Java-based tools],
kind: "sub-rasta-decorelation-size-2022",
supplement: none,
) <fig:rasta-rate-evolution-non-java-2022>]
), caption: [Finishing rate by bytecode size for #APK detected in 2022]
) <fig:rasta-decorelation-size>
) <fig:rasta-decorelation-size-2022>
#paragraph[Fixed application year. (#num(5000) #APKs)][
We selected the year 2022, which has a good amount of representatives for each decile of size in our application dataset.
@fig:rasta-rate-evolution-java-2022 (resp. @fig:rasta-rate-evolution-non-java-2022) shows the finishing rate of the tools in function of the size of the bytecode for Java-based tools (resp. non-Java-based tools) analysing applications of 2022.
@fig:rasta-decorelation-size-2022 a) (resp. @fig:rasta-decorelation-size-2022 b)) shows the finishing rate of the tools in function of the size of the bytecode for Java-based tools (resp. non-Java-based tools) analysing applications of 2022.
We can observe that all Java-based tools have a finishing rate that decreases over the years.
50% of non-Java-based tools have the same behaviour.
]
@ -216,8 +220,9 @@ We can observe that all Java-based tools have a finishing rate that decreases ov
width: 50%,
alt: ""
),
caption: [Java-based tools],
supplement: [Subfigure],
caption: [a) Java-based tools],
supplement: none,
kind: "sub-rasta-decorelation-size",
) <fig:rasta-rate-evolution-java-decile-year>],
[#figure(
image(
@ -225,15 +230,16 @@ We can observe that all Java-based tools have a finishing rate that decreases ov
width: 50%,
alt: "",
),
caption: [Non-Java-based tools],
supplement: [Subfigure],
caption: [b) Non-Java-based tools],
supplement: none,
kind: "sub-rasta-decorelation-size",
) <fig:rasta-rate-evolution-non-java-decile-year>]
), caption: [Finishing rate by discovery year with a bytecode size $in$ [4.08, 5.2] MB]
) <fig:rasta-decorelation-size>
) <fig:rasta-decorelation-size-decide-year>
#paragraph[Fixed application bytecode size. (#num(6252) APKs)][
We selected the sixth decile (between 4.08 and 5.20 MB), which is well represented in a wide number of years.
@fig:rasta-rate-evolution-java-decile-year (resp. @fig:rasta-rate-evolution-non-java-decile-year) represents the finishing rate depending on the year at a fixed bytecode size.
@fig:rasta-decorelation-size-decide-year a) (resp. @fig:rasta-decorelation-size-decide-year b)) represents the finishing rate depending on the year at a fixed bytecode size.
We observe that 9 tools out of 12 have a finishing rate dropping below 20% for Java-based tools, which is not the case for non-Java-based tools.
]
@ -245,8 +251,9 @@ We observe that 9 tools out of 12 have a finishing rate dropping below 20% for J
width: 50%,
alt: ""
),
caption: [Java-based tools],
supplement: [Subfigure],
caption: [a) Java-based tools],
kind: "sub-rasta-decorelation-size-decile-min-sdk",
supplement: none,
) <fig:rasta-rate-evolution-java-decile-min-sdk>],
[#figure(
image(
@ -254,13 +261,14 @@ We observe that 9 tools out of 12 have a finishing rate dropping below 20% for J
width: 50%,
alt: "",
),
caption: [Non-Java-based tools],
supplement: [Subfigure],
caption: [b) Non-Java-based tools],
kind: "sub-rasta-decorelation-size-decile-min-sdk",
supplement: none,
) <fig:rasta-rate-evolution-non-java-decile-min-sdk>]
), caption: [Finishing rate by min #SDK with a bytecode size $in$ [4.08, 5.2] MB]
) <fig:rasta-decorelation-size>
) <fig:rasta-decorelation-size-decile-min-sdk>
We performed similar experiments by varying the min #SDK and target #SDK versions, still with a fixed bytecode size between 4.08 and 5.2 MB, as shown in @fig:rasta-rate-evolution-java-decile-min-sdk and @fig:rasta-rate-evolution-non-java-decile-min-sdk.
We performed similar experiments by varying the min #SDK and target #SDK versions, still with a fixed bytecode size between 4.08 and 5.2 MB, as shown in @fig:rasta-decorelation-size-decile-min-sdk a) and @fig:rasta-decorelation-size-decile-min-sdk b).
We found that, contrary to the target #SDK, the min #SDK version has an impact on the finishing rate of Java-based tools: 8 tools over 12 are below 50% after #SDK 16.
It is not surprising, as the min #SDK is highly correlated to the year.