With the increasing diffusion of mobile technologies, nowadays mobile devices represent an irreplaceable tool to perform several operations, from posting a status on a social network to transfer money between bank accounts. As a consequence, mobile devices store a huge amount of private and sensitive information and this is the reason why attackers are developing very sophisticated techniques to extort data and money from our devices. This paper presents the design and the implementation of LEILA (formaL tool for idEntifying mobIle maLicious behAviour), a tool targeted at Android malware families detection. LEILA is based on a novel approach that exploits model checking to analyse and verify the Java Bytecode that is produced when the source code is compiled. After a thorough description of the method used for Android malware families detection, we report the experiments we have conducted using LEILA. The experiments demonstrated that the tool is effective in detecting malicious behaviour and, especially, in localizing the payload within the code: we evaluated real-world malware belonging to several widespread families obtaining an accuracy ranging between 0.97 and 1.

中文翻译：

---

LEILA：用于识别移动恶意行为的正式工具

随着移动技术的日益普及，如今移动设备代表了一种不可替代的工具来执行多种操作，从在社交网络上发布状态到在银行账户之间转账。因此，移动设备存储了大量私人和敏感信息，这就是攻击者开发非常复杂的技术来从我们的设备中勒索数据和金钱的原因。本文介绍了 LEILA（用于识别移动恶意行为的正式工具）的设计和实现，LEILA 是一种针对 Android 恶意软件家族检测的工具。LEILA 基于一种新颖的方法，该方法利用模型检查来分析和验证编译源代码时生成的 Java 字节码。在对用于 Android 恶意软件家族检测的方法进行全面描述后，我们报告了我们使用 LEILA 进行的实验。实验表明，该工具在检测恶意行为方面是有效的，尤其是在定位代码中的有效载荷方面是有效的：我们评估了属于几个广泛家族的真实恶意软件，其准确度在 0.97 到 1 之间。