It’s Acting Odd! Exploring Equivocal Behaviors of Goodware

It’s Acting Odd! Exploring Equivocal Behaviors of Goodware

연구 분야: Analysis

학회: Proceedings of the ACM on Software Engineering, Volume 2, Issue FSE

Nowadays, although it is widely known which behaviors of a software define a malware, there is a large gray area of invasive behaviors that do not make software necessarily harmful but act pervasively without the user’s perception. Being adequately informed of such behaviors is crucial to enhance transparency and awareness about the possible risks or blind spots to consider when executing/adopting a software tool or library. To cope with this issue, this work aims to (i) identify and classify equivocal behaviors of desktop software applications and (ii) assess the relevance and prevalence of such behaviors in trusted software. We identify twelve equivocal behaviors and evaluate their equivocality through a survey involving 32 software engineering and cybersecurity experts. Then, we investigate the extent to which such behaviors are exhibited by trusted software compared to malware samples. The results demonstrate that most surveyed experts generally agree on the equivocality of identified behaviors. In addition, legitimate software frequently manifests some of the behaviors identified as equivocal. Specifically, in more than 30% of reports generated for trusted software, we find behaviors aimed to (i) obtain information about the client system and available resources, (ii) perform advanced interaction with OS utilities, or (iii) avoid analysis.