TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses
04/10/2020
Speaker
Linghui Luo (Paderborn University)
Abstract
Due to the lack of established real-world benchmark suites for Android taint analysis, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult tocompare and reproduce the results.
In this work, we recommend criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench, the first real-world malware benchmark suite with documented taint flows. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. Experiments using TaintBench reveal newinsights for the taint analysis tools Amandroid and FlowDroid.